PatchSiren


CVE-2026-45961 Linux CVE debrief

CVE-2026-45961 describes two memory leaks in the Linux kernel's GFS2 (Global File System 2) filesystem driver, specifically within the `gfs2_fill_super()` error handling path during filesystem initialization. The vulnerability occurs when transitioning a filesystem to read-write mode fails after certain initialization steps have succeeded, leaving allocated resources unreleased.

The first leak involves kernel thread objects (logd and quotad threads) created by `init_threads()` that are not destroyed if `gfs2_freeze_lock_shared()` subsequently fails, because the `fail_per_node` error label omitted the necessary `gfs2_destroy_threads()` call. The second leak involves an 8192-byte quota bitmap buffer allocated by `gfs2_quota_init()` that is not freed if `gfs2_make_fs_rw()` fails after quota initialization but before completion.

The resolution moves thread cleanup to the `fail_per_node` label for uniform handling across all error paths and adds quota cleanup in `gfs2_make_fs_rw()` to handle withdrawal cases. This is a local vulnerability affecting GFS2 filesystem mounting operations; exploitation requires the ability to trigger specific failure conditions during filesystem initialization. The vulnerability was published on 2026-05-27 and affects the Linux kernel GFS2 subsystem.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with GFS2 filesystems, particularly clustered storage environments, high-availability systems, and enterprises using GFS2 for shared storage in SAN or iSCSI configurations. System administrators responsible for kernel maintenance and storage infrastructure. Cloud providers offering GFS2-based storage services.

Technical summary

The vulnerability exists in `fs/gfs2/ops_fstype.c` and `fs/gfs2/super.c`. When `gfs2_fill_super()` fails during the read-write transition after `init_threads()` has succeeded, the kernel threads (logd, quotad) leak because the `fail_per_node` label lacks a `gfs2_destroy_threads()` call. When `gfs2_make_fs_rw()` fails after `gfs2_quota_init()` has succeeded, the 8192-byte quota bitmap leaks. The fix relocates thread cleanup to the `fail_per_node` label and adds quota cleanup to the withdrawal handling in `gfs2_make_fs_rw()`. `gfs2_destroy_threads()` is NULL-safe, so it can be invoked unconditionally.
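The error-path pattern described above, as an added user-space C model (not the kernel's code and not taken from the advisory): it counts what each failure path leaves allocated before and after the fix. `mount_attempt`, `make_rw`, `grab`, `drop` and `struct sb_model` are hypothetical names, and where the pre-fix code performed its thread cleanup is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

static int live;                     /* outstanding allocations in the model */
struct sb_model { void *threads, *quota_bitmap; };
static void *grab(size_t n) { void *p = malloc(n); if (p) live++; return p; }
static void drop(void **p) { if (*p) { free(*p); *p = NULL; live--; } } /* NULL-safe */
/* Read-write transition: quota init succeeds, then a later step may fail. */
static int make_rw(struct sb_model *sb, bool fail, bool fixed)
{
    sb->quota_bitmap = grab(8192);   /* bitmap size taken from the advisory */
    if (!sb->quota_bitmap)
        return -1;
    if (fail) {
        if (fixed)
            drop(&sb->quota_bitmap); /* after: bitmap released on failure */
        return -1;
    }
    return 0;
}

/* Returns how many allocations one simulated mount attempt leaves behind. */
int mount_attempt(bool fixed, bool fail_freeze, bool fail_rw)
{
    struct sb_model sb = { 0 };
    live = 0;
    sb.threads = grab(64);           /* stands in for the logd/quotad threads */
    if (!sb.threads || fail_freeze)  /* thread setup or freeze-lock step fails */
        goto fail_per_node;
    if (make_rw(&sb, fail_rw, fixed)) {
        if (!fixed)
            drop(&sb.threads);       /* before: cleanup on this path only (assumed) */
        goto fail_per_node;
    }
    drop(&sb.quota_bitmap);          /* success: model an immediate clean unmount */
    drop(&sb.threads);
    return live;
fail_per_node:
    if (fixed)
        drop(&sb.threads);           /* after: one NULL-safe call covers every path */
    return live;
}

int main(void)
{
    printf("freeze-lock failure: before=%d after=%d\n", mount_attempt(false, true, false), mount_attempt(true, true, false));
    printf("rw failure:          before=%d after=%d\n", mount_attempt(false, false, true), mount_attempt(true, false, true));
    return 0;
}
```

Because the cleanup helper tolerates a NULL pointer, the fixed label can run it even when thread setup itself was the step that failed.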

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable kernel git commits (see ref-4, ref-5) to affected systems running GFS2
  • Monitor kernel memory usage on systems utilizing GFS2 filesystems, particularly during mount operations
  • Review system logs for GFS2 mount failures or freeze lock errors that may indicate resource exhaustion
  • Ensure kernel is updated to a version containing the fix before deploying GFS2 in production environments
  • Consider implementing resource limits and monitoring for kernel thread and memory allocation anomalies on GFS2 servers

Evidence notes

CVE description confirms two distinct memory leak paths in gfs2_fill_super() error handling. Kernel commit references (ref-4, ref-5) provide patch verification. No CVSS score assigned; NVD status is 'Awaiting Analysis'. Vendor identified as Linux kernel/GFS2 subsystem.

Official resources

2026-05-27