Description
In the Linux kernel, the following vulnerability has been resolved:

block: fix zones_cond memory leak on zone revalidation error paths

When blk_revalidate_disk_zones() fails after disk_revalidate_zone_resources()
has allocated args.zones_cond, the memory is leaked because no error path
frees it.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel block subsystem, a flaw in blk_revalidate_disk_zones causes memory allocated for disk zone revalidation to leak when the routine fails after allocating args.zones_cond. The omission of a cleanup path means that each failure gradually consumes more RAM, potentially leading to resource exhaustion. The weakness is a memory leak involving unreleased resources (CWE-772), which can degrade system stability without granting direct data or code compromise.

Affected Systems

All Linux kernel releases prior to inclusion of commit 29153d128384fa7c48a8ca8d34094b1cbe2d5bdc are vulnerable. The defect exists in the block module across all distributions that ship the unpatched kernel; any system running a pre‑patch kernel version is at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity vulnerability, and no EPSS score is available, so existing data does not indicate a high probability of exploitation. The issue is not listed in CISA KEV. Based on the description, it is inferred that the attack vector is local, requiring the ability to trigger a disk zone revalidation failure, such as by manipulating disk configuration or performing operations that exercise the failing path. Because the flaw only causes memory depletion, repeated exploitation could lead to a denial‑of‑service condition but does not provide direct data compromise.

Generated by OpenCVE AI on June 25, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes commit 29153d128384fa7c48a8ca8d34094b1cbe2d5bdc or later.
  • If an immediate update is not feasible, monitor system memory usage for abnormal growth and avoid operations that may trigger disk zone revalidation errors until the kernel is updated.
  • When supported, apply the specific patch or cherry‑pick the commit into the running kernel to eliminate the leak.

Generated by OpenCVE AI on June 25, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 25 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: block: fix zones_cond memory leak on zone revalidation error paths When blk_revalidate_disk_zones() fails after disk_revalidate_zone_resources() has allocated args.zones_cond, the memory is leaked because no error path frees it.
Title block: fix zones_cond memory leak on zone revalidation error paths
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:55.252Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53127

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53127 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T03:30:17Z

Weaknesses
  • CWE-772

    Missing Release of Resource after Effective Lifetime