Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: always drain queued discard work in ext4_mb_release()

While reviewing recent ext4 patch[1], Sashiko raised the following
concern[2]:

> If the filesystem is initially mounted with the discard option,
> deleting files will populate sbi->s_discard_list and queue
> s_discard_work. If it is then remounted with nodiscard, the
> EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is
> neither cancelled nor flushed.

[1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/
[2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev

The concern was valid, but it had nothing to do with the patch[1].
One of the problems with Sashiko in its current (early) form is that
it will detect pre-existing issues and report it as a problem with the
patch that it is reviewing.

In practice, it would be hard to hit deliberately (unless you are a
malicious syzkaller fuzzer), since it would involve mounting the file
system with -o discard, and then deleting a large number of files,
remounting the file system with -o nodiscard, and then immediately
unmounting the file system before the queued discard work has a change
to drain on its own.

Fix it because it's a real bug, and to avoid Sashiko from raising this
concern when analyzing future patches to mballoc.c.
Published: 2026-05-05
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a logic flaw in the ext4 filesystem where queued discard work is not flushed or cancelled when a filesystem is remounted with the nodiscard option after previously being mounted with discard. The result is that pending discard jobs may be left unexecuted, meaning data that was deleted may not be fully discarded from the storage device. This flaw does not allow arbitrary code execution, but it can lead to loss or unintended persistence of data and potentially compromise data confidentiality. It corresponds to resource‑leak and improper resource ownership weaknesses (CWE-772).

Affected Systems

The bug applies to all Linux kernel releases using the ext4 filesystem prior to the inclusion of the patch that forces discard work drain on unmount. All Linux kernel products that ship the ext4 filesystem are affected.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is < 1%. The vulnerability is not listed in CISA’s KEV catalog. Exploitation would require local control of the system to mount the filesystem with -o discard, delete files, remount with -o nodiscard, and immediately unmount before any drain completes. Because this sequence is difficult to orchestrate and does not provide external attack vectors, the likelihood of exploitation in the wild is low. The risk is mainly local data persistence or loss rather than remote compromise.

Generated by OpenCVE AI on May 7, 2026 at 04:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the ext4 drain‑work patch.
  • Until a kernel update is available, avoid switching between -o discard and -o nodiscard on the same mount. Use a single mode for the lifetime of the filesystem.
  • If mounting with discard, unmount the filesystem after deleting large numbers of files to ensure pending discards are drained.
  • Consider disabling discard entirely if data persistence or tamper‑resistance is a concern.

Generated by OpenCVE AI on May 7, 2026 at 04:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-584

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 05 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-584

Tue, 05 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised the following concern[2]: > If the filesystem is initially mounted with the discard option, > deleting files will populate sbi->s_discard_list and queue > s_discard_work. If it is then remounted with nodiscard, the > EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is > neither cancelled nor flushed. [1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/ [2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev The concern was valid, but it had nothing to do with the patch[1]. One of the problems with Sashiko in its current (early) form is that it will detect pre-existing issues and report it as a problem with the patch that it is reviewing. In practice, it would be hard to hit deliberately (unless you are a malicious syzkaller fuzzer), since it would involve mounting the file system with -o discard, and then deleting a large number of files, remounting the file system with -o nodiscard, and then immediately unmounting the file system before the queued discard work has a change to drain on its own. Fix it because it's a real bug, and to avoid Sashiko from raising this concern when analyzing future patches to mballoc.c.
Title ext4: always drain queued discard work in ext4_mb_release()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:02.221Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43065

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-05T16:16:15.683

Modified: 2026-05-06T13:08:07.970

Link: CVE-2026-43065

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-05T00:00:00Z

Links: CVE-2026-43065 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T04:15:21Z

Weaknesses