Improper resource shutdown or release in Linux kernel - CVE-2026-43065
Published: May 6, 2026
Vulnerability identifier: #VU130229
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43065
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in ext4_mb_release() discard work handling when remounting an ext4 filesystem from discard to nodiscard and immediately unmounting it. A local user can mount the filesystem with discard, delete a large number of files, remount it with nodiscard, and immediately unmount it to cause a denial of service.
Exploitation requires a specific sequence of filesystem mount, remount, and unmount operations while queued discard work is still pending.
How to mitigate CVE-2026-43065
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1c82f863f090ab899085bdfade073313384b514b
- https://git.kernel.org/stable/c/812b6a7cd3e7f3a3e8a24db85bc6313c26cb1098
- https://git.kernel.org/stable/c/9b4d9dda6a71ad3425c8109d27c4c6bfb9da97b8
- https://git.kernel.org/stable/c/9ee29d20aab228adfb02ca93f87fb53c56c2f3af
- https://git.kernel.org/stable/c/b4737e26d4688b8aea88ad6ea4dbfeb6e78b0327
- https://git.kernel.org/stable/c/c360e9d0def4f4ae03254a67c683103908555b75
- https://git.kernel.org/stable/c/e96c2354b170aaa53300c8e8fd59e41b133160f7