Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: always drain queued discard work in ext4_mb_release()

While reviewing recent ext4 patch[1], Sashiko raised the following
concern[2]:

> If the filesystem is initially mounted with the discard option,
> deleting files will populate sbi->s_discard_list and queue
> s_discard_work. If it is then remounted with nodiscard, the
> EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is
> neither cancelled nor flushed.

[1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/
[2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev

The concern was valid, but it had nothing to do with the patch[1].
One of the problems with Sashiko in its current (early) form is that
it will detect pre-existing issues and report it as a problem with the
patch that it is reviewing.

In practice, it would be hard to hit deliberately (unless you are a
malicious syzkaller fuzzer), since it would involve mounting the file
system with -o discard, and then deleting a large number of files,
remounting the file system with -o nodiscard, and then immediately
unmounting the file system before the queued discard work has a change
to drain on its own.

Fix it because it's a real bug, and to avoid Sashiko from raising this
concern when analyzing future patches to mballoc.c.
Published: 2026-05-05
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a logic bug in the ext4 filesystem that leaves queued discard operations pending when a filesystem is remounted from discard to nodiscard. Because the pending discard work is not cancelled or flushed, deleted data may remain on storage, potentially exposing sensitive data. This weakness corresponds to CWE-772.

Affected Systems

It affects all Linux kernel releases that contain ext4 before the patch that forces discard work to drain on unmount. All distributions shipping those kernel versions are impacted.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is <1%. The solution is not listed in CISA KEV. The attack vector is inferred to be local; it requires an attacker to control the machine, mount and remount the ext4 volume with specific options, delete files, and unmount before the kernel can drain the discard queue. Because the required sequence is complex and requires direct volume management, the exploitation likelihood is low.

Generated by OpenCVE AI on May 29, 2026 at 20:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the ext4 drain‑work patch.
  • Refrain from toggling between -o discard and -o nodiscard on the same filesystem mount; maintain a consistent discard mode during the filesystem lifetime.
  • Ensure that when discard is used, all pending discard work is allowed to drain before unmounting the filesystem, especially after deleting large volumes of data.

Generated by OpenCVE AI on May 29, 2026 at 20:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*

Thu, 07 May 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-584

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 05 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-584

Tue, 05 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised the following concern[2]: > If the filesystem is initially mounted with the discard option, > deleting files will populate sbi->s_discard_list and queue > s_discard_work. If it is then remounted with nodiscard, the > EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is > neither cancelled nor flushed. [1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/ [2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev The concern was valid, but it had nothing to do with the patch[1]. One of the problems with Sashiko in its current (early) form is that it will detect pre-existing issues and report it as a problem with the patch that it is reviewing. In practice, it would be hard to hit deliberately (unless you are a malicious syzkaller fuzzer), since it would involve mounting the file system with -o discard, and then deleting a large number of files, remounting the file system with -o nodiscard, and then immediately unmounting the file system before the queued discard work has a change to drain on its own. Fix it because it's a real bug, and to avoid Sashiko from raising this concern when analyzing future patches to mballoc.c.
Title ext4: always drain queued discard work in ext4_mb_release()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:02.221Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43065

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-05T16:16:15.683

Modified: 2026-05-29T18:20:50.683

Link: CVE-2026-43065

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-05T00:00:00Z

Links: CVE-2026-43065 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T20:30:07Z

Weaknesses