Skip to main content

Linux Kernel CVE-2026-31714

| EUVDEUVD-2026-26523 MEDIUM
Memory Leak (CWE-401)
2026-05-01 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 06, 2026 - 21:22 vuln.today
CVSS changed
May 06, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch released
May 01, 2026 - 15:24 nvd
Patch available
Patch available
May 01, 2026 - 15:02 EUVD
EUVD ID Assigned
May 01, 2026 - 14:22 euvd
EUVD-2026-26523
CVE Published
May 01, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:16 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid memory leak in f2fs_rename()

syzbot reported a f2fs bug as below:

BUG: memory leak unreferenced object 0xffff888127f70830 (size 16): comm "syz.0.23", pid 6144, jiffies 4294943712 hex dump (first 16 bytes): 3c af 57 72 5b e6 8f ad 6e 8e fd 33 42 39 03 ff <.Wr[...n..3B9.. backtrace (crc 925f8a80): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4520 [inline] slab_alloc_node mm/slub.c:4844 [inline] __do_kmalloc_node mm/slub.c:5237 [inline] __kmalloc_noprof+0x3bd/0x560 mm/slub.c:5250 kmalloc_noprof include/linux/slab.h:954 [inline] fscrypt_setup_filename+0x15e/0x3b0 fs/crypto/fname.c:364 f2fs_setup_filename+0x52/0xb0 fs/f2fs/dir.c:143 f2fs_rename+0x159/0xca0 fs/f2fs/namei.c:961 f2fs_rename2+0xd5/0xf20 fs/f2fs/namei.c:1308 vfs_rename+0x7ff/0x1250 fs/namei.c:6026 filename_renameat2+0x4f4/0x660 fs/namei.c:6144 __do_sys_renameat2 fs/namei.c:6173 [inline] __se_sys_renameat2 fs/namei.c:6168 [inline] __x64_sys_renameat2+0x59/0x80 fs/namei.c:6168 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The root cause is in commit 40b2d55e0452 ("f2fs: fix to create selinux label during whiteout initialization"), we added a call to f2fs_setup_filename() without a matching call to f2fs_free_filename(), fix it.

AnalysisAI

Memory leak in f2fs_rename() function allows local authenticated attackers to cause denial of service through repeated file rename operations. The vulnerability exists in the f2fs filesystem implementation when handling SELinux label initialization during whiteout file creation, due to a missing f2fs_free_filename() call introduced in commit 40b2d55e0452. Vendor patches are available for Linux 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1.

Technical ContextAI

The vulnerability resides in the f2fs (Flash-Friendly File System) filesystem implementation, specifically within the f2fs_rename() function in fs/f2fs/namei.c. The root cause involves improper resource cleanup in the filesystem's filename setup and teardown path. When commit 40b2d55e0452 added SELinux label support during whiteout (temporary file) initialization, it introduced a call to f2fs_setup_filename() at line 961 that allocates memory through fscrypt_setup_filename() in the filesystem encryption layer (fs/crypto/fname.c:364). However, the corresponding cleanup function f2fs_free_filename() was not called, causing allocated kernel memory to persist. The CWE-401 (Missing Release of Memory after Effective Lifetime) classification confirms this is a classic resource leak vulnerability. Affected systems include all Linux kernel versions containing the problematic commit until patched versions are applied.

RemediationAI

Vendor-released patches are available: upgrade to Linux kernel 6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1, or later depending on your maintained kernel series. For stable kernel series: Linux 6.6 users should apply patch commit 047c0aef6af37a2a35181aa085c616ad286386f1, Linux 6.9+ users should apply commit 369eb2016d8e2f01931b3bad1cb9cefa83f44003. Patches are available via https://git.kernel.org/stable/ for all affected versions. If immediate patching is not feasible, restrict local user access to systems running vulnerable kernels, or disable the f2fs filesystem if not required for critical workloads. Note that complete mitigation requires kernel recompilation and reboot; partial mitigations like memory monitoring do not prevent the leak, only detect it. Verify patch application by checking kernel source at fs/f2fs/namei.c line 961 to confirm f2fs_free_filename() is called to match the f2fs_setup_filename() allocation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy