CVE-2026-23032

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue where references to fault configfs items are not released when a nullbX device is removed, leading to a kernel memory leak (kmemleak). This occurs when the CONFIG BLK DEV NULL BLK FAULT INJECTION configuration option is enabled. The issue involves the timeout inject, requeue inject, and init hctx fault inject configfs items created as children of the nullbX configfs group. The fix involves explicitly releasing these references when the reference to the top-level nullbX configfs group is dropped.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23032

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linux Kernel

Ubuntu

CVE-2026-23032

Related Identifiers

Affected Products

References · 300