SB20260625104 - Memory leak in Linux kernel md driver
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Memory leak (CVE-ID: CVE-2026-53060)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a memory leak in dm_cache_metadata_abort in the device-mapper cache metadata component when reloading a new table while metadata is read-only. A local user can trigger repeated metadata abort operations to cause a denial of service.
The issue can also occur through concurrent metadata_operation_failed calls due to races in cache mode updates.
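To see which hosts have a dm-cache device in the read-only metadata state named above, the status line that `dmsetup status --target cache` prints can be parsed. The following is an added example, not code from the bulletin or the kernel project; it assumes the status field order given in the kernel's dm-cache documentation, and the sample lines and device names are constructed.

```python
import subprocess

# Constructed sample lines in `dmsetup status` format (not captured from a real host).
SAMPLE = [
    "vg-fast: 0 2097152 cache 8 72/4096 128 15/16384 100 200 300 400 0 15 0 "
    "1 writethrough 2 migration_threshold 2048 smq 0 rw -",
    "vg-slow: 0 4194304 cache 8 4096/4096 128 900/16384 5 6 7 8 0 0 3 "
    "2 metadata2 writeback 2 migration_threshold 2048 smq 0 ro needs_check",
    "vg-root: 0 8388608 linear",
]

def parse_cache_status(line):
    """Return name, metadata mode and needs_check for a cache target line, else None."""
    name, _, rest = line.partition(":")
    tok = rest.split()
    if len(tok) < 3 or tok[2] != "cache":
        return None
    f = tok[3:]  # target-specific status fields
    if f[:1] == ["Fail"]:  # the kernel reports only "Fail" once the cache is in fail mode
        return {"name": name, "mode": "fail", "needs_check": None}
    try:
        i = 11              # skip sizes, usage and the hit/miss/demote/promote/dirty counters
        i += 1 + int(f[i])  # <#features> <features>*
        i += 1 + int(f[i])  # <#core args> <core args>*
        i += 1              # <policy name>
        i += 1 + int(f[i])  # <#policy args> <policy args>*
        return {"name": name, "mode": f[i],
                "needs_check": f[i + 1:i + 2] == ["needs_check"]}
    except (IndexError, ValueError):
        return {"name": name, "mode": "unparsed", "needs_check": None}

def read_only_caches(lines):
    """Names of dm-cache devices whose metadata mode is 'ro'."""
    parsed = filter(None, map(parse_cache_status, lines))
    return [p["name"] for p in parsed if p["mode"] == "ro"]

if __name__ == "__main__":
    # Needs root; prints nothing when no cache target is in read-only metadata mode.
    out = subprocess.run(["dmsetup", "status", "--target", "cache"],
                         capture_output=True, text=True, check=False).stdout
    for dev in read_only_caches(out.splitlines()):
        print(f"{dev}: cache metadata is read-only")
```

A device reported here is in the state the description names as the precondition for the leak, so it is a candidate for patching first.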
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633
- https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f
- https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d
- https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f
- https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833
- https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee
- https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a
- https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303