CVE-2026-45861
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
30/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
gfs2: Fix slab-use-after-free in qd_put<br />
<br />
Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously")<br />
started freeing quota data objects during filesystem shutdown instead of<br />
putting them back onto the LRU list, but it failed to remove these<br />
objects from the LRU list, causing LRU list corruption. This caused<br />
use-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access<br />
already-freed objects on the LRU list.<br />
<br />
Fix this by removing qd objects from the LRU list before freeing them in<br />
qd_put().<br />
<br />
Initial fix from Deepanshu Kartikey .
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH



