sunrpc: fix cache_request leak in cache_release

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-31400
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-04-03 16:16:38 UTC
Updated2026-04-18 09:16:30 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_request (rp->offset != 0), cache_release() decrements the request's readers count but never checks whether it should free the request. In cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the cache_request is removed from the queue and freed along with its buffer and cache_head reference. cache_release() lacks this cleanup. The only other path that frees requests with readers == 0 is cache_dequeue(), but it runs only when CACHE_PENDING transitions from set to clear. If that transition already happened while readers was still non-zero, cache_dequeue() will have skipped the request, and no subsequent call will clean it up. Add the same cleanup logic from cache_read() to cache_release(): after decrementing readers, check if it reached 0 with CACHE_PENDING clear, and if so, dequeue and free the cache_request.

Risk And Classification

EPSS: 0.000320000 probability, percentile 0.092520000 (date 2026-04-21)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1dfedb293943e491379c9302b428e6f920a73d12 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 f18c1f2a88ca91357916997cdb0f7adaf14fc497 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 7bcd5e318876ac638c8ceade7a648e76ac8c48e1 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 41f6ba6c98a618043d2cd71030bf9a752dfab8b2 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 301670dcd098c1fe5c2fe90fb3c7a8f4814d2351 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 be5c35960e5ead70862736161836e2d1bc7352dc git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 373457de14281c1fc7cace6fc4c8a267fc176673 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 17ad31b3a43b72aec3a3d83605891e1397d0d065 git Not specified
CNA Linux Linux affected 2.6.12 Not specified
CNA Linux Linux unaffected 2.6.12 semver Not specified
CNA Linux Linux unaffected 5.10.253 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.203 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.167 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.130 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.78 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.20 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.10 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/41f6ba6c98a618043d2cd71030bf9a752dfab8b2 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/f18c1f2a88ca91357916997cdb0f7adaf14fc497 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/1dfedb293943e491379c9302b428e6f920a73d12 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/be5c35960e5ead70862736161836e2d1bc7352dc 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/7bcd5e318876ac638c8ceade7a648e76ac8c48e1 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/301670dcd098c1fe5c2fe90fb3c7a8f4814d2351 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/17ad31b3a43b72aec3a3d83605891e1397d0d065 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/373457de14281c1fc7cace6fc4c8a267fc176673 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report