CVE-2026-31654

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/vma: fix memory leak in __mmap_region()<br /> <br /> commit 605f6586ecf7 ("mm/vma: do not leak memory when .mmap_prepare<br /> swaps the file") handled the success path by skipping get_file() via<br /> file_doesnt_need_get, but missed the error path.<br /> <br /> When /dev/zero is mmap&amp;#39;d with MAP_SHARED, mmap_zero_prepare() calls<br /> shmem_zero_setup_desc() which allocates a new shmem file to back the<br /> mapping. If __mmap_new_vma() subsequently fails, this replacement<br /> file is never fput()&amp;#39;d - the original is released by<br /> ksys_mmap_pgoff(), but nobody releases the new one.<br /> <br /> Add fput() for the swapped file in the error path.<br /> <br /> Reproducible with fault injection.<br /> <br /> FAULT_INJECTION: forcing a failure.<br /> name failslab, interval 1, probability 0, space 0, times 1<br /> CPU: 2 UID: 0 PID: 366 Comm: syz.7.14 Not tainted 7.0.0-rc6 #2 PREEMPT(full)<br /> Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x164/0x1f0<br /> should_fail_ex+0x525/0x650<br /> should_failslab+0xdf/0x140<br /> kmem_cache_alloc_noprof+0x78/0x630<br /> vm_area_alloc+0x24/0x160<br /> __mmap_region+0xf6b/0x2660<br /> mmap_region+0x2eb/0x3a0<br /> do_mmap+0xc79/0x1240<br /> vm_mmap_pgoff+0x252/0x4c0<br /> ksys_mmap_pgoff+0xf8/0x120<br /> __x64_sys_mmap+0x12a/0x190<br /> do_syscall_64+0xa9/0x580<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> <br /> kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)<br /> BUG: memory leak<br /> unreferenced object 0xffff8881118aca80 (size 360):<br /> comm "syz.7.14", pid 366, jiffies 4294913255<br /> hex dump (first 32 bytes):<br /> 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........<br /> ff ff ff ff ff ff ff ff c0 28 4d ae ff ff ff ff .........(M.....<br /> backtrace (crc db0f53bc):<br /> kmem_cache_alloc_noprof+0x3ab/0x630<br /> alloc_empty_file+0x5a/0x1e0<br /> alloc_file_pseudo+0x135/0x220<br /> __shmem_file_setup+0x274/0x420<br /> shmem_zero_setup_desc+0x9c/0x170<br /> mmap_zero_prepare+0x123/0x140<br /> __mmap_region+0xdda/0x2660<br /> mmap_region+0x2eb/0x3a0<br /> do_mmap+0xc79/0x1240<br /> vm_mmap_pgoff+0x252/0x4c0<br /> ksys_mmap_pgoff+0xf8/0x120<br /> __x64_sys_mmap+0x12a/0x190<br /> do_syscall_64+0xa9/0x580<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> Found by syzkaller.