Memory Leak in Linux Kernel Affecting Shared Memory Mapping
CVE-2026-31654
What is CVE-2026-31654?
A memory leak vulnerability was identified in the Linux kernel related to the handling of shared memory mapping. When the /dev/zero device is mapped with MAP_SHARED, a failure in the process can lead to a situation where a newly created shared memory file is not properly released. The error occurs in the __mmap_region() function when an error path is not adequately managed. Specifically, while the original file allocated is released correctly, the new shared memory file created during the process remains untracked and not freed, leading to potential memory exhaustion. This can be demonstrated through fault injection tests, revealing unreferenced objects and indicating that the system continues to allocate memory without proper deallocation. Immediate attention is recommended for users operating systems using the affected Linux kernel versions.
Affected Version(s)
Linux 605f6586ecf78395f0185ab24c368fb46a06e434 < 61fc8eaf2ab214b32c7bce52597c80cf0ca41ada
Linux 605f6586ecf78395f0185ab24c368fb46a06e434 < 894f99eb535edc4514f756818f3c4f688ba53a59
Linux 6.19