In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()
Add the missing put_disk() on the error path in
blkcg_maybe_throttle_current(). When blkcg lookup, blkg lookup, or
blkg_tryget() fails, the function jumps to the out label which only
calls rcu_read_unlock() but does not release the disk reference acquired
by blkcg_schedule_throttle() via get_device(). Since current->throttle_disk
is already set to NULL before the lookup, blkcg_exit() cannot release
this reference either, causing the disk to never be freed.
Restore the reference release that was present as blk_put_queue() in the
original code but was inadvertently dropped during the conversion from
request_queue to gendisk.
CVSS
No CVSS.
References
Configurations
No configuration.
History
24 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-24 17:17
Updated : 2026-07-14 15:26
NVD link : CVE-2026-53126
Mitre link : CVE-2026-53126
CVE.ORG link : CVE-2026-53126
JSON object : View
Products Affected
No product.
CWE
No CWE.
