Memory leak in Linux kernel - CVE-2026-53060
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a memory leak in dm_cache_metadata_abort in the device-mapper cache metadata component when reloading a new table while metadata is read-only. A local user can trigger repeated metadata abort operations to cause a denial of service.
The issue can also occur through concurrent metadata_operation_failed calls due to races in cache mode updates.
How to mitigate CVE-2026-53060
Sources
- https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633
- https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f
- https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d
- https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f
- https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833
- https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee
- https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a
- https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303