Inode Reference Leak in Linux Kernel's Ext4 Filesystem
CVE-2026-43066

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-43066?

A vulnerability exists in the Linux kernel's Ext4 filesystem where an inode reference can be leaked during error handling in the ext4_fc_replay_inode() function. When certain operations fail, such as ext4_handle_dirty_metadata() or sync_dirty_buffer(), the function may skip the necessary release of the inode's buffer head, iloc.bh. This oversight can lead to memory leaks and potential resource exhaustion. A remedial fix introduces a new error handling path to ensure that iloc.bh is always properly released, thereby improving the stability and security of the filesystem.

Affected Version(s)

Linux 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < 0892f12cd49fde5d5db68137923db107f894f3a3

Linux 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < 5a63033696e60b5d70816f1d119645ac5b0b0a03

Linux 8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < 9c90449a9ac2cd1ba540ad2561b8b70c1bfb0a25

References

https://git.kernel.org/stable/c/0892f12cd49fde5d5db681379...

https://git.kernel.org/stable/c/5a63033696e60b5d70816f1d1...

https://git.kernel.org/stable/c/9c90449a9ac2cd1ba540ad256...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43066 Data

JSON