CVE-2026-23032: Missing Release of Resource after Effective Lifetime in Linux

Severity: 4.4 MEDIUM (No vector)
EPSS: 0.0% (top 98.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 31

Description

In the Linux kernel, the following vulnerability has been resolved:

null_blk: fix kmemleak by releasing references to fault configfs items

When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are n

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.4.0 | 6.6.122 | +2
Debian | linux/linux_kernel | < 6.12.69-1 | +1
CVEListV5 | linux/linux | bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea | 1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2 | +4
debian | debian/linux | < linux 6.18.8-1 (forky)

Vulnerability Details (3)

OSV | null_blk: fix kmemleak by releasing references to fault configfs items | 2026-01-31
GHSA | GHSA-jq2q-j87r-jrqv: In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONF | 2026-01-31
OSV | CVE-2026-23032: In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG | 2026-01-31

Vendor Advisories (2)

Red Hat | kernel: null_blk: fix kmemleak by releasing references to fault configfs items | 2026-01-31
Debian | CVE-2026-23032: linux - In the Linux kernel, the following vulnerability has been resolved: null_blk: f... | 2026

Threat Intelligence (1)

Wiz | CVE-2026-23032 Impact, Exploitability, and Mitigation Steps | Wiz