CVE-2026-23032: null_blk: fix kmemleak by releasing references to fault configfs items
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix kmemleak by releasing references to fault configfs items
When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk
driver sets up fault injection support by creating the timeout_inject,
requeue_inject, and init_hctx_fault_inject configfs items as children
of the top-level nullbX configfs group.
However, when the nullbX device is removed, the references taken to
these fault-config configfs items are not released. As a result,
kmemleak reports a memory leak, for example:
unreferenced object 0xc00000021ff25c40 (size 32):
comm "mkdir", pid 10665, jiffies 4322121578
hex dump (first 32 bytes):
69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_
69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........
backtrace (crc 1a018c86):
__kmalloc_node_track_caller_noprof+0x494/0xbd8
kvasprintf+0x74/0xf4
config_item_set_name+0xf0/0x104
config_group_init_type_name+0x48/0xfc
fault_config_init+0x48/0xf0
0xc0080000180559e4
configfs_mkdir+0x304/0x814
vfs_mkdir+0x49c/0x604
do_mkdirat+0x314/0x3d0
sys_mkdir+0xa0/0xd8
system_call_exception+0x1b0/0x4f0
system_call_vectored_common+0x15c/0x2ec
Fix this by explicitly releasing the references to the fault-config
configfs items when dropping the reference to the top-level nullbX
configfs group.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel memory leak in the null_blk test block-device driver. It appears limited to systems built with null_blk fault-injection support and using related configfs items. The bundle does not show remote exploitation, active exploitation, or a CVSS score.
Executive priority
Treat as low operational urgency unless affected kernels are widely deployed in test infrastructure or embedded products. Prioritize normal kernel update cycles and vendor advisory tracking over emergency response.
Technical view
When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, null_blk creates fault-injection configfs items. On nullbX device removal, references to those items were not released, causing kmemleak-reported memory leaks. Kernel stable commits fix the issue by explicitly releasing those references.
Likely exposure
Exposure is likely narrow: Linux systems with the null_blk driver and CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION enabled. Production systems not using this test/fault-injection path are less likely to be exposed, based on the provided description.
Exploitation context
The source bundle provides no KEV listing and no cited evidence of active exploitation. The described trigger involves null_blk configfs lifecycle behavior, suggesting local configuration or test-environment interaction rather than a remote attack path.
Researcher notes
The evidence supports a memory-leak class bug in a specific null_blk fault-injection path. No CWE, CVSS, exploitability assessment, or weaponized exploit evidence is provided. Affected-version data in the bundle is sparse, so rely on vendor backport status.
Mitigation direction
Apply Linux kernel updates containing the referenced stable fixes.
Confirm your distribution backported the null_blk reference-release fix.
Review Siemens SSA-253495 if Siemens products are in scope.
If no vendor package is available, follow vendor kernel guidance.
Validation and detection
Check whether the running kernel includes null_blk fault-injection support.
Inventory systems using null_blk configfs functionality.
Map kernel versions against vendor advisories and stable fix commits.
Review kmemleak or kernel diagnostics for related null_blk leaks.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2026-23032 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
6Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Jan 31, 2026, 11:42 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.