Skip to main content

Linux Kernel EUVDEUVD-2026-28699

| CVE-2026-43393 MEDIUM
Memory Leak (CWE-401)
2026-05-08 Linux GHSA-945j-p452-jcmx
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 08, 2026 - 12:42 vuln.today
CVSS changed
May 26, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies()

Fix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL, we're not freeing the chunk map that we've just looked up.

AnalysisAI

Memory leak in the Linux kernel btrfs filesystem driver allows a local low-privileged user to cause kernel memory exhaustion leading to denial of service. The defect resides in btrfs_map_block(), which fails to release a chunk map object when btrfs_chunk_map_num_copies() triggers an early return with -EINVAL, leaving the allocation dangling. No public exploit code has been identified at time of analysis, and EPSS sits at the 5th percentile (0.02%), reflecting a low practical exploitation probability consistent with the local-only attack vector.

Technical ContextAI

The affected component is the btrfs (B-tree filesystem) subsystem of the Linux kernel, identified via CPE cpe:2.3:a:linux:linux:*. The btrfs_map_block() function resolves the physical location of a logical block address by looking up a 'chunk map' - an in-memory structure that describes how logical address ranges map to physical stripes across devices. The root cause is CWE-401 (Missing Release of Memory after Effective Lifetime): when the call to btrfs_chunk_map_num_copies() returns -EINVAL and causes an early exit from btrfs_map_block(), the code path does not invoke the corresponding chunk map release function, leaving the allocation unreachable. Repeated triggering accumulates unreleased chunk map objects in kernel memory. The CVSS availability impact (A:H) reflects that sufficient memory exhaustion can bring down the entire host.

RemediationAI

The primary fix is to upgrade to a patched kernel version: 6.12.78, 6.18.19, 6.19.9, or 7.0, depending on the stable branch in use. Four upstream fix commits are available in the kernel stable tree: https://git.kernel.org/stable/c/0e4aaf5a3212b6a469c2489637c29a8e2a5062a5 (6.12 branch), https://git.kernel.org/stable/c/7bdf00ed75c477252578068dba19934cd825f20a, https://git.kernel.org/stable/c/4f90c5c2698383984102401b1724b0b67da832ab, and https://git.kernel.org/stable/c/f15fb3d41543244d1179f423da4a4832a55bc050. Red Hat and SUSE customers should monitor their respective security errata for backported kernel packages. If immediate patching is not feasible, the most effective compensating control is restricting local shell access to trusted users only, since the attack requires local low-privilege execution; removing untrusted user accounts from btrfs-mounted systems eliminates the practical attack surface. There is no known workaround that disables the specific code path without impacting btrfs functionality.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28699 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy