CVE-2026-23145 in Linuxinfo

Summary

by MITRE • 02/14/2026

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref

The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 03/18/2026

The vulnerability identified as CVE-2026-23145 represents a memory resource leak within the Linux kernel's ext4 filesystem implementation. This issue specifically affects the ext4_xattr_inode_update_ref function which handles attribute updates for extended attributes in ext4 filesystems. The flaw manifests when the function encounters an error condition during execution, where it fails to properly release a reference count for the iloc.bh structure. This structure represents a buffer head containing inode location information, and the missing cleanup operation results in a memory leak that persists until the system reboots or the filesystem is unmounted. The vulnerability was discovered during code review processes, highlighting the importance of thorough examination of error handling paths in kernel code.

The technical implementation of this flaw stems from improper resource management within the ext4 filesystem subsystem. When ext4_xattr_inode_update_ref processes extended attribute updates, it acquires a reference to the iloc.bh buffer head to manage inode location data. However, during error conditions such as failed attribute updates or allocation failures, the function fails to call the appropriate release mechanism for this buffer head reference. This creates a dangling reference that prevents the kernel's memory allocator from reclaiming the associated memory pages, leading to progressive memory consumption over time. The vulnerability is classified as a resource leak under CWE-404, specifically involving improper resource management where the kernel fails to release allocated buffer heads.

The operational impact of this vulnerability extends beyond simple memory consumption issues as it can lead to system performance degradation and potential denial of service conditions. While individual memory leaks may appear minor, in systems handling extensive extended attribute operations or under sustained workload conditions, the cumulative effect of unreleased buffer heads can consume significant portions of available system memory. This degradation becomes particularly problematic in environments with high inode activity, such as servers managing large numbers of files with extensive metadata or containerized environments where extended attributes are frequently modified. The leak may also compound with other memory management issues, potentially leading to memory pressure that affects overall system stability and responsiveness.

Mitigation strategies for this vulnerability involve immediate patch application from kernel maintainers, as the fix requires modifications to the ext4 filesystem code to ensure proper buffer head reference counting. System administrators should prioritize updating their kernel versions to include the patched implementation, particularly in production environments handling significant extended attribute workloads. Additionally, monitoring system memory usage patterns can help detect early signs of resource leakage, though the primary defense remains the code-level fix. The fix aligns with ATT&CK technique T1490 for resource exhaustion, as it addresses a specific mechanism that could be exploited to consume system resources over time. Organizations should also implement regular kernel security audits and maintain updated security monitoring tools to detect similar resource management issues across their infrastructure.

Responsible

Linux

Reservation

01/13/2026

Disclosure

02/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00123

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!