Skip to main content

Linux Kernel EUVDEUVD-2026-32302

| CVE-2026-46005 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-3v87-wmqv-57cx
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.4 MEDIUM

Mounting XFS with DAX on a PMEM device requires CAP_SYS_ADMIN, making PR:H more accurate than the provided PR:L; all other metrics align with the description.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 15:55 vuln.today
CVSS changed
Jun 16, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix a resource leak in xfs_alloc_buftarg()

In the error path, call fs_put_dax() to drop the DAX device reference.

AnalysisAI

Resource leak in the Linux kernel's XFS subsystem fails to release a DAX (Direct Access) device reference in the error path of xfs_alloc_buftarg(), leaving a dangling reference that prevents proper cleanup of persistent memory devices. Systems running XFS on DAX-capable persistent memory hardware are affected, spanning multiple stable kernel branches prior to the fix commits documented in EUVD-2026-32302. No public exploit identified at time of analysis, and an EPSS score of 0.02% (5th percentile) confirms negligible exploitation interest; patches are confirmed available across Linux 6.6.x, 6.12.x, 6.18.x, 7.0.x, and 7.1-rc1.

Technical ContextAI

The vulnerability exists in xfs_alloc_buftarg(), a Linux kernel function within the XFS filesystem subsystem responsible for allocating and initializing the buffer target structure used to back XFS I/O operations. The DAX (Direct Access) feature - enabled via the 'dax' mount option on PMEM or similarly capable devices - bypasses the page cache to allow direct memory-mapped I/O. The bug was introduced at commit 6f643c57d57c56d4677bc05f1fca2ef3f249797c, which added DAX device reference acquisition to the function without a corresponding release on the error unwind path. CWE-401 (Missing Release of Memory after Effective Lifetime) precisely captures the root cause: the reference count on the DAX device obtained via an implicit get is never decremented via fs_put_dax() when the function fails. The affected CPE is cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, with no narrow version range expressed in the NVD CPE data - exact affected range is inferred from the EUVD commit boundaries.

RemediationAI

Update to a patched kernel release: Linux 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1, as documented in EUVD-2026-32302 and confirmed by stable kernel commits at git.kernel.org/stable. Distribution-specific backports from Red Hat, SUSE, Ubuntu, and Debian should be monitored separately, as their inclusion timelines are not confirmed by the provided data. If patching is immediately infeasible on a system using XFS with persistent memory, the compensating control is to remove the 'dax' or 'dax=always' mount option from affected XFS filesystems - trade-off: loss of direct-access performance for PMEM workloads, but complete elimination of the vulnerable code path since xfs_alloc_buftarg() only acquires a DAX reference when DAX is enabled. Systems without persistent memory hardware or without XFS DAX configuration require no action.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

EUVD-2026-32302 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy