gfs2: fix memory leaks in gfs2_fill_super error path
Summary
| CVE | CVE-2026-45961 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-27 14:17:12 UTC |
| Updated | 2026-05-27 14:48:03 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved:<br><br>gfs2: fix memory leaks in gfs2_fill_super error path<br><br>Fix two memory leaks in the gfs2_fill_super() error handling path when transitioning a filesystem to read-write mode fails.<br><br>First leak: kthread objects (thread_struct, task_struct, etc.)<br>When gfs2_freeze_lock_shared() fails after init_threads() succeeds, the created kernel threads (logd and quotad) are never destroyed. This occurs because the fail_per_node label doesn't call gfs2_destroy_threads().<br><br>Second leak: quota bitmap buffer (8192 bytes)<br>When gfs2_make_fs_rw() fails after gfs2_quota_init() succeeds but before other operations complete, the allocated quota bitmap is never freed.<br><br>The fix moves thread cleanup to the fail_per_node label to handle all error paths uniformly. gfs2_destroy_threads() is safe to call unconditionally as it checks for NULL pointers. Quota cleanup is added in gfs2_make_fs_rw() to properly handle the withdrawal case where quota initialization succeeds but the filesystem is then withdrawn.<br><br>Thread leak backtrace (gfs2_freeze_lock_shared failure):<br>unreferenced object 0xffff88801d7bca80 (size 4480):<br>copy_process+0x3a1/0x4670 kernel/fork.c:2422<br>kernel_clone+0xf3/0x6e0 kernel/fork.c:2779<br>kthread_create_on_node+0x100/0x150 kernel/kthread.c:478<br>init_threads+0xab/0x350 fs/gfs2/ops_fstype.c:611<br>gfs2_fill_super+0xe5c/0x1240 fs/gfs2/ops_fstype.c:1265<br><br>Quota leak backtrace (gfs2_make_fs_rw failure):<br>unreferenced object 0xffff88812de7c000 (size 8192):<br>gfs2_quota_init+0xe5/0x820 fs/gfs2/quota.c:1409<br>gfs2_make_fs_rw+0x7a/0xe0 fs/gfs2/super.c:149<br>gfs2_fill_super+0xfbb/0x1240 fs/gfs2/ops_fstype.c:1275 |
Risk And Classification
EPSS: 0.000180000 probability, percentile 0.053270000 (date 2026-05-30)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected b66f723bb552ad59c2acb5d45ea45c890f84498b e54229ecf49add8451d5f765a32c86ab4446e06c git | Not specified |
| CNA | Linux | Linux | affected b66f723bb552ad59c2acb5d45ea45c890f84498b da6f5bbc2e7902f578b503f2a4c3d8d09ca4b102 git | Not specified |
| CNA | Linux | Linux | affected 2f8623377f3e0cfaa80558631b8694d02a492b4c git | Not specified |
| CNA | Linux | Linux | affected c713ebf2fe3f469e4af4de60a3427689ffb7c5d7 git | Not specified |
| CNA | Linux | Linux | affected c2191e507147b1a22e9170ebb2aaa0f2902fcbfa git | Not specified |
| CNA | Linux | Linux | affected 9fc32dad3cdba18669c71893f3e6d96905b39b3f git | Not specified |
| CNA | Linux | Linux | affected 5.10.173 5.11 semver | Not specified |
| CNA | Linux | Linux | affected 5.15.99 5.16 semver | Not specified |
| CNA | Linux | Linux | affected 6.1.16 6.2 semver | Not specified |
| CNA | Linux | Linux | affected 6.2.3 6.3 semver | Not specified |
| CNA | Linux | Linux | affected 6.3 | Not specified |
| CNA | Linux | Linux | unaffected 6.3 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.4 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/da6f5bbc2e7902f578b503f2a4c3d8d09ca4b102 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/e54229ecf49add8451d5f765a32c86ab4446e06c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |