ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths

Summary

CVE	CVE-2026-43066
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-05 16:16:15 UTC
Updated	2026-05-06 13:08:07 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths During code review, Joseph found that ext4_fc_replay_inode() calls ext4_get_fc_inode_loc() to get the inode location, which holds a reference to iloc.bh that must be released via brelse(). However, several error paths jump to the 'out' label without releasing iloc.bh: - ext4_handle_dirty_metadata() failure - sync_dirty_buffer() failure - ext4_mark_inode_used() failure - ext4_iget() failure Fix this by introducing an 'out_brelse' label placed just before the existing 'out' label to ensure iloc.bh is always released. Additionally, make ext4_fc_replay_inode() propagate errors properly instead of always returning 0.

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 0892f12cd49fde5d5db68137923db107f894f3a3 git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 5a63033696e60b5d70816f1d119645ac5b0b0a03 git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 9c90449a9ac2cd1ba540ad2561b8b70c1bfb0a25 git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 ca99cbcc316cdfd2040cc2b13d1426ccb3b3b50b git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 19782b4c793b49a6aa4abbb307ddff3610009d21 git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 f7817ad399d604e8639005d87d148b5ec626ad26 git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 c426231e3d51916e83b6d1ab7ed8a65e83bca5b4 git	Not specified
CNA	Linux	Linux	affected 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 ec0a7500d8eace5b4f305fa0c594dd148f0e8d29 git	Not specified
CNA	Linux	Linux	affected 5.10	Not specified
CNA	Linux	Linux	unaffected 5.10 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.168 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.131 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.80 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.21 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.11 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/ec0a7500d8eace5b4f305fa0c594dd148f0e8d29	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/c426231e3d51916e83b6d1ab7ed8a65e83bca5b4	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/0892f12cd49fde5d5db68137923db107f894f3a3	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ca99cbcc316cdfd2040cc2b13d1426ccb3b3b50b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/9c90449a9ac2cd1ba540ad2561b8b70c1bfb0a25	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/f7817ad399d604e8639005d87d148b5ec626ad26	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/5a63033696e60b5d70816f1d119645ac5b0b0a03	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/19782b4c793b49a6aa4abbb307ddff3610009d21	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.