LiveActive security incident?Get immediate response
CVE Record

CVE-2026-23032: null_blk: fix kmemleak by releasing references to fault configfs items

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel memory leak in the null_blk test block-device driver. It appears limited to systems built with null_blk fault-injection support and using related configfs items. The bundle does not show remote exploitation, active exploitation, or a CVSS score.

Executive priority

Treat as low operational urgency unless affected kernels are widely deployed in test infrastructure or embedded products. Prioritize normal kernel update cycles and vendor advisory tracking over emergency response.

Technical view

When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, null_blk creates fault-injection configfs items. On nullbX device removal, references to those items were not released, causing kmemleak-reported memory leaks. Kernel stable commits fix the issue by explicitly releasing those references.

Likely exposure

Exposure is likely narrow: Linux systems with the null_blk driver and CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION enabled. Production systems not using this test/fault-injection path are less likely to be exposed, based on the provided description.

Exploitation context

The source bundle provides no KEV listing and no cited evidence of active exploitation. The described trigger involves null_blk configfs lifecycle behavior, suggesting local configuration or test-environment interaction rather than a remote attack path.

Researcher notes

The evidence supports a memory-leak class bug in a specific null_blk fault-injection path. No CWE, CVSS, exploitability assessment, or weaponized exploit evidence is provided. Affected-version data in the bundle is sparse, so rely on vendor backport status.

Mitigation direction

  • Apply Linux kernel updates containing the referenced stable fixes.
  • Confirm your distribution backported the null_blk reference-release fix.
  • Review Siemens SSA-253495 if Siemens products are in scope.
  • If no vendor package is available, follow vendor kernel guidance.

Validation and detection

  • Check whether the running kernel includes null_blk fault-injection support.
  • Inventory systems using null_blk configfs functionality.
  • Map kernel versions against vendor advisories and stable fix commits.
  • Review kmemleak or kernel diagnostics for related null_blk leaks.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2026-23032 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
6Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxbb4c19e030f45c5416f1eb4daa94fbaf7165e9ea, bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea, bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea, bb4c19e030f45c5416f1eb4daa94fbaf7165e9eaunaffected
LinuxLinux6.4, 0, 6.6.122, 6.12.67, 6.18.7, 6.19affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.