Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: always drain queued discard work in ext4_mb_release()

While reviewing recent ext4 patch[1], Sashiko raised the following
concern[2]:

> If the filesystem is initially mounted with the discard option,
> deleting files will populate sbi->s_discard_list and queue
> s_discard_work. If it is then remounted with nodiscard, the
> EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is
> neither cancelled nor flushed.

[1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/
[2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev

The concern was valid, but it had nothing to do with the patch[1].
One of the problems with Sashiko in its current (early) form is that
it will detect pre-existing issues and report it as a problem with the
patch that it is reviewing.

In practice, it would be hard to hit deliberately (unless you are a
malicious syzkaller fuzzer), since it would involve mounting the file
system with -o discard, and then deleting a large number of files,
remounting the file system with -o nodiscard, and then immediately
unmounting the file system before the queued discard work has a change
to drain on its own.

Fix it because it's a real bug, and to avoid Sashiko from raising this
concern when analyzing future patches to mballoc.c.
Published: 2026-05-05
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a logic flaw in the ext4 filesystem where queued discard work is not flushed or cancelled when a filesystem is remounted with the nodiscard option after previously being mounted with discard. The result is that pending discard jobs may be left unexecuted, meaning data that was deleted may not be fully discarded from the storage device. This flaw does not allow arbitrary code execution, but it can lead to loss or unintended persistence of data and potentially compromise data confidentiality. It corresponds to a resource‑leak weakness (CWE‑584).

Affected Systems

The bug applies to all Linux kernel releases using the ext4 filesystem prior to the inclusion of the patch that forces discard work drain on unmount. All Linux kernel products that ship the ext4 filesystem are affected.

Risk and Exploitability

The CVSS score is not available, and the EPSS score is not reported. The vulnerability is not listed in CISA’s KEV catalog. Exploitation would require local control of the system to mount the filesystem with -o discard, delete files, remount with -o nodiscard, and immediately unmount before any drain completes. Because this sequence is difficult to orchestrate and does not provide external attack vectors, the likelihood of exploitation in the wild is low. The risk is mainly local data persistence or loss rather than remote compromise.

Generated by OpenCVE AI on May 5, 2026 at 17:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the ext4 drain‑work patch.
  • Until a kernel update is available, avoid switching between -o discard and -o nodiscard on the same mount. Use a single mode for the lifetime of the filesystem.
  • If mounting with discard, unmount the filesystem after deleting large numbers of files to ensure pending discards are drained.
  • Consider disabling discard entirely if data persistence or tamper‑resistance is a concern.

Generated by OpenCVE AI on May 5, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-584

Tue, 05 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised the following concern[2]: > If the filesystem is initially mounted with the discard option, > deleting files will populate sbi->s_discard_list and queue > s_discard_work. If it is then remounted with nodiscard, the > EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is > neither cancelled nor flushed. [1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/ [2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev The concern was valid, but it had nothing to do with the patch[1]. One of the problems with Sashiko in its current (early) form is that it will detect pre-existing issues and report it as a problem with the patch that it is reviewing. In practice, it would be hard to hit deliberately (unless you are a malicious syzkaller fuzzer), since it would involve mounting the file system with -o discard, and then deleting a large number of files, remounting the file system with -o nodiscard, and then immediately unmounting the file system before the queued discard work has a change to drain on its own. Fix it because it's a real bug, and to avoid Sashiko from raising this concern when analyzing future patches to mballoc.c.
Title ext4: always drain queued discard work in ext4_mb_release()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-05T15:23:25.326Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43065

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-05T16:16:15.683

Modified: 2026-05-05T16:16:15.683

Link: CVE-2026-43065

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T17:45:05Z

Weaknesses