CVE-2026-31434

Published: April 22, 2026 · Updated: Apr 23, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 6.8th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix leak of kobject name for sub-group space_info

When create_space_info_sub_group() allocates elements of space_info->sub_group[], kobject_init_and_add() is called for each element via btrfs_sysfs_add_space_info_type(). However, when check_removing_space_info() frees these elements, it does not call btrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is not called and the associated kobj->name objects are leaked.

This memory leak is reproduced by running the blktests test case zbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak feature reports the following error:

unreferenced object 0xffff888112877d40 (size 16):
  comm "mount", pid 1244, jiffies 4294996972
  hex dump (first 16 bytes):
    64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f  data-reloc......
  backtrace (crc 53ffde4d):
    __kmalloc_node_track_caller_noprof+0x619/0x870
    kstrdup+0x42/0xc0
    kobject_set_name_vargs+0x44/0x110
    kobject_init_and_add+0xcf/0x150
    btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs]
    create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs]
    create_space_info+0x211/0x320 [btrfs]
    btrfs_init_space_info+0x15a/0x1b0 [btrfs]
    open_ctree+0x33c7/0x4a50 [btrfs]
    btrfs_get_tree.cold+0x9f/0x1ee [btrfs]
    vfs_get_tree+0x87/0x2f0
    vfs_cmd_create+0xbd/0x280
    __do_sys_fsconfig+0x3df/0x990
    do_syscall_64+0x136/0x1540
    entry_SYSCALL_64_after_hwframe+0x76/0x7e

To avoid the leak, call btrfs_sysfs_remove_space_info() instead of kfree() for the elements.

NVD Source
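
The lifecycle bug described in the commit message above, as a userspace model added here for illustration; it is not the kernel's code or the btrfs patch. `xalloc`, `xfree`, `kobj_init_and_add`, `kobj_put` and `leaked_after_teardown` are hypothetical stand-ins that keep only the behaviour relevant to the leak: the kobject name is a separate allocation that is released only when the last reference is put.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Userspace model only: names mirror the kernel's, bodies are simplified. */
static int live_allocs;                      /* stand-in for kmemleak tracking */
static void *xalloc(size_t n) { live_allocs++; return calloc(1, n); }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct kobject { char *name; int refcount; void (*release)(struct kobject *); };
struct space_info { struct kobject kobj; int flags; };   /* kobj must be first */

/* Model of kobject_init_and_add(): the name is its own allocation (kstrdup). */
static void kobj_init_and_add(struct kobject *k, const char *name,
                              void (*release)(struct kobject *))
{
    k->name = xalloc(strlen(name) + 1);
    strcpy(k->name, name);
    k->refcount = 1;
    k->release = release;
}

/* Model of kobject_put(): the last put runs release() and frees the name. */
static void kobj_put(struct kobject *k)
{
    if (--k->refcount == 0) {
        char *name = k->name;    /* saved first: release() frees the container */
        k->release(k);
        xfree(name);
    }
}

static void space_info_release(struct kobject *k) { xfree(k); }

/* Returns allocations still live after teardown; use_put selects the fixed path. */
static int leaked_after_teardown(int use_put)
{
    int base = live_allocs;
    struct space_info *sub = xalloc(sizeof(*sub));
    kobj_init_and_add(&sub->kobj, "data-reloc", space_info_release);
    if (use_put) kobj_put(&sub->kobj);   /* fixed: drop the kobject reference */
    else         xfree(sub);             /* before the fix: name never freed */
    return live_allocs - base;
}

int main(void)
{
    printf("kfree path leaks %d\n", leaked_after_teardown(0));
    printf("put path leaks %d\n", leaked_after_teardown(1));
    return 0;
}
```

The single allocation left over on the direct-free path corresponds to the 16-byte "data-reloc" object in the kmemleak report.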

Technical Analysis

CVE-2026-31434 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-31434
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Apr 22, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31434 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.