CVE-2026-45861 Linux CVE debrief

Who should care

Organizations running Linux kernels with GFS2 filesystem support enabled, particularly clustered storage environments using GFS2 with quota enforcement. Cloud providers and enterprises with shared storage infrastructure utilizing GFS2 should prioritize assessment.

Technical summary

The vulnerability exists in GFS2's quota data (qd) object lifecycle management. Commit a475c5dd16e5 introduced synchronous freeing of quota data objects during filesystem shutdown to replace LRU list recycling, but omitted the necessary list_del_init() or equivalent removal from the LRU list. This leaves dangling pointers in the LRU list that the gfs2_qd_shrink_scan shrinker subsequently dereferences, accessing freed slab memory. The fix in qd_put() ensures proper list removal before kfree() operations.

Defensive priority

high

Recommended defensive actions

• Apply kernel updates containing the referenced stable commits when available from your Linux distribution
• Monitor GFS2 filesystem shutdown operations for unexpected kernel panics or memory corruption indicators
• Review systems utilizing GFS2 clustered filesystems for kernel version exposure
• Prioritize patching on systems with heavy quota-enabled GFS2 workloads
• Consider temporary mitigation by avoiding filesystem shutdown operations during maintenance windows if patching is delayed

Evidence notes

Vulnerability description confirms slab-use-after-free in qd_put() function. Root cause identified as commit a475c5dd16e5 failing to remove quota data objects from LRU list before synchronous freeing. Affects gfs2_qd_shrink_scan shrinker operations. Fix removes qd objects from LRU list prior to freeing. Multiple stable kernel fix commits referenced.

Official resources