CVE-2026-31400Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime6 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_request (rp->offset != 0), cache_release() decrements the request's readers count but never checks whether it should free the request. In cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the cache_request is removed from the queue and freed along with its buffer and cache_head refer

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac27bcd5e318876ac638c8ceade7a648e76ac8c48e1+6
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
OSV
CVE-2026-31400: In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is2026-04-03
GHSA
GHSA-73jc-99jj-ch5v: In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: sunrpc: fix cache_request leak in cache_release2026-04-03
Debian
CVE-2026-31400: linux - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-31400 Impact, Exploitability, and Mitigation Steps | Wiz