Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mzg4-exh3-pugu
Vulnerability ID VCID-mzg4-exh3-pugu
Aliases CVE-2026-31434
Summary In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub_group[], kobject_init_and_add() is called for each element via btrfs_sysfs_add_space_info_type(). However, when check_removing_space_info() frees these elements, it does not call btrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is not called and the associated kobj->name objects are leaked. This memory leak is reproduced by running the blktests test case zbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak feature reports the following error: unreferenced object 0xffff888112877d40 (size 16): comm "mount", pid 1244, jiffies 4294996972 hex dump (first 16 bytes): 64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f data-reloc...... backtrace (crc 53ffde4d): __kmalloc_node_track_caller_noprof+0x619/0x870 kstrdup+0x42/0xc0 kobject_set_name_vargs+0x44/0x110 kobject_init_and_add+0xcf/0x150 btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs] create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs] create_space_info+0x211/0x320 [btrfs] btrfs_init_space_info+0x15a/0x1b0 [btrfs] open_ctree+0x33c7/0x4a50 [btrfs] btrfs_get_tree.cold+0x9f/0x1ee [btrfs] vfs_get_tree+0x87/0x2f0 vfs_cmd_create+0xbd/0x280 __do_sys_fsconfig+0x3df/0x990 do_syscall_64+0x136/0x1540 entry_SYSCALL_64_after_hwframe+0x76/0x7e To avoid the leak, call btrfs_sysfs_remove_space_info() instead of kfree() for the elements.
Status Published
Exploitability 0.5
Weighted Severity 2.4
Risk 1.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-911 Improper Update of Reference Count
System Score Found at
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2026-31434
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2026-31434
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2026-31434
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2026-31434
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2026-31434
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2026-31434
cvssv3.1 4.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31434.json
https://api.first.org/data/v1/epss?cve=CVE-2026-31434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31434
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2460728 https://bugzilla.redhat.com/show_bug.cgi?id=2460728
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.06773
EPSS Score 0.00024
Published At April 24, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-23T05:40:53.978662+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.4.0