CVE-2026-31400

sunrpc: fix cache_request leak in cache_release

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading
a cache_request (rp->offset != 0), cache_release() decrements the
request's readers count but never checks whether it should free the
request. In cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the
cache_request is removed from the queue and freed along with its buffer
and cache_head reference. cache_release() lacks this cleanup. The only other path that frees requests with readers == 0 is
cache_dequeue(), but it runs only when CACHE_PENDING transitions from
set to clear. If that transition already happened while readers was
still non-zero, cache_dequeue() will have skipped the request, and no
subsequent call will clean it up. Add the same cleanup logic from cache_read() to cache_release(): after
decrementing readers, check if it reached 0 with CACHE_PENDING clear,
and if so, dequeue and free the cache_request.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-03-09 CVE Reserved
2026-04-03 CVE Published
2026-04-09 EPSS Updated
2026-04-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7bcd5e318876ac638c8ceade7a648e76ac8c48e1	2026-03-25
https://git.kernel.org/stable/c/41f6ba6c98a618043d2cd71030bf9a752dfab8b2	2026-03-25
https://git.kernel.org/stable/c/301670dcd098c1fe5c2fe90fb3c7a8f4814d2351	2026-03-25
https://git.kernel.org/stable/c/be5c35960e5ead70862736161836e2d1bc7352dc	2026-03-25
https://git.kernel.org/stable/c/373457de14281c1fc7cace6fc4c8a267fc176673	2026-03-25
https://git.kernel.org/stable/c/17ad31b3a43b72aec3a3d83605891e1397d0d065	2026-03-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.1.167 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.1.167"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.6.130 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.6.130"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.12.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.12.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.18.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.18.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.19.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.19.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 7.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 7.0"		en		Affected