Description
In the Linux kernel, the following vulnerability has been resolved:

null_blk: fix kmemleak by releasing references to fault configfs items

When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk
driver sets up fault injection support by creating the timeout_inject,
requeue_inject, and init_hctx_fault_inject configfs items as children
of the top-level nullbX configfs group.

However, when the nullbX device is removed, the references taken to
these fault-config configfs items are not released. As a result,
kmemleak reports a memory leak, for example:

unreferenced object 0xc00000021ff25c40 (size 32):
comm "mkdir", pid 10665, jiffies 4322121578
hex dump (first 32 bytes):
69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_
69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........
backtrace (crc 1a018c86):
__kmalloc_node_track_caller_noprof+0x494/0xbd8
kvasprintf+0x74/0xf4
config_item_set_name+0xf0/0x104
config_group_init_type_name+0x48/0xfc
fault_config_init+0x48/0xf0
0xc0080000180559e4
configfs_mkdir+0x304/0x814
vfs_mkdir+0x49c/0x604
do_mkdirat+0x314/0x3d0
sys_mkdir+0xa0/0xd8
system_call_exception+0x1b0/0x4f0
system_call_vectored_common+0x15c/0x2ec

Fix this by explicitly releasing the references to the fault-config
configfs items when dropping the reference to the top-level nullbX
configfs group.
Published: 2026-01-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Leak and Potential Resource Exhaustion
Action: Patch Immediately
AI Analysis

Impact

The vulnerability causes unreferenced configfs items to persist after a null_blk device is removed, leading kmemleak to report a memory leak. The leak can consume kernel memory over time but does not provide direct code execution or privilege escalation. The weakness follows a classic resource‑leak pattern.

Affected Systems

All Linux kernel installations that include the null_blk driver with CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION enabled are affected. The issue is present in kernel releases where the null_blk fault‑injection code was patched to release references upon device removal, as referenced by the linked commit identifiers.

Risk and Exploitability

The CVSS score of 5.5 denotes moderate severity, while the EPSS score is less than 1 % indicating a very low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack would be local and would require root or kernel‑module privileges to activate fault injection and trigger the memory leak. Because the impact is limited to memory consumption and not immediate privilege escalation, overall risk remains moderate.

Generated by OpenCVE AI on April 18, 2026 at 18:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the null_blk patch releasing fault‑config references upon device removal.
  • If an immediate kernel upgrade is not feasible, disable the CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION option in the kernel configuration to remove the fault‑injection path.
  • Continuously monitor kmemleak output for unreferenced objects after null_blk device removal to ensure the leak has been fully mitigated.

Generated by OpenCVE AI on April 18, 2026 at 18:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6126-1 linux security update
History

Sat, 18 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Mon, 02 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Sat, 31 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group.
Title null_blk: fix kmemleak by releasing references to fault configfs items
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:26.714Z

Reserved: 2026-01-13T15:37:45.942Z

Link: CVE-2026-23032

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-01-31T12:16:06.513

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23032

cve-icon Redhat

Severity : Low

Publid Date: 2026-01-31T00:00:00Z

Links: CVE-2026-23032 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:45:05Z

Weaknesses