Skip to main content

Linux Kernel EUVDEUVD-2026-32232

| CVE-2026-45948 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-gvfq-9hrf-2536
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local fallocate invocation requires low-privilege user access (AV:L, PR:L); repeated leaks cause high availability impact with zero confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 04:45 vuln.today
CVSS changed
Jun 16, 2026 - 02:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leak in ext4_ext_shift_extents()

In ext4_ext_shift_extents(), if the extent is NULL in the while loop, the function returns immediately without releasing the path obtained via ext4_find_extent(), leading to a memory leak.

Fix this by jumping to the out label to ensure the path is properly released.

AnalysisAI

Memory exhaustion in the Linux kernel's ext4 filesystem driver allows a local low-privilege user to gradually degrade system availability by repeatedly triggering a kernel memory leak in ext4_ext_shift_extents(). The flaw, present since approximately kernel 3.15, causes path structures allocated by ext4_find_extent() to go unreleased when a NULL extent is encountered during fallocate shift operations. With no CISA KEV listing, an EPSS of 0.02%, and no public exploit code identified, this is a low-urgency but genuine patch priority for long-lived ext4 systems with unprivileged local users.

Technical ContextAI

The vulnerability resides in the ext4 extent-based filesystem driver within the Linux kernel, specifically in ext4_ext_shift_extents() - the function responsible for relocating extent tree entries during FALLOC_FL_INSERT_RANGE and FALLOC_FL_COLLAPSE_RANGE fallocate operations. The function calls ext4_find_extent(), which allocates a struct ext4_ext_path on the kernel heap. CWE-401 (Missing Release of Memory after Effective Lifetime) applies precisely: when the while loop encounters a NULL extent pointer and returns early via a direct 'return' statement rather than the cleanup 'out' label, the allocated path is never freed via ext4_ext_drop_refs() and kfree(). The CPE data (cpe:2.3:o:linux:linux_kernel) confirms all Linux kernel builds running the vulnerable ext4 code path are affected, spanning architectures from x86_64 to ARM, s390, and others. The EUVD data pins the vulnerability introduction to commit a18ed359bdddcded4f97ff5e2f07793ff9336913, traceable to the kernel 3.15 era when ext4 extent shifting was introduced.

RemediationAI

The primary remediation is upgrading to a patched Linux kernel version within the active stable branch: 5.10.252 (commit bd7b52557e4a3ccd7595fdb3a585f1257de57935), 5.15.202 (commit 12615ab4bfb69678e5d961b28bb70040299e51b1), 6.1.165 (commit ca81109d4a8f192dc1cbad4a1ee25246363c2833), 6.6.128 (commit 4a79fde8db7eba7f1128d971ceba4e3c9ac84aec), 6.12.75 (commit afc5e61e1a07b2b833bd72cbee36ecce9cd901e2), 6.18.14 (commit 7e807cb8603b7664fa630a696cd891d9a03c248d), 6.19.4 (commit 1bce219ee5512cf179ba40cf114945a14a16e21f), or mainline 7.0 (commit 2f4b1052246ca646bb17bfe0f53df2fdf9729b58). All patch commits are accessible at https://git.kernel.org/stable/c/. If an immediate kernel upgrade is not feasible, restrict unprivileged user access to fallocate with FALLOC_FL_INSERT_RANGE or FALLOC_FL_COLLAPSE_RANGE via filesystem access controls or SELinux/AppArmor policy - this trade-off may break applications that rely on sparse file manipulation. Mounting ext4 volumes read-only for untrusted users eliminates the attack surface entirely but prevents writes. No workaround eliminates the root cause; patching is the only definitive fix.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32232 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy