{"id":"CVE-2026-45861","summary":"gfs2: Fix slab-use-after-free in qd_put","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix slab-use-after-free in qd_put\n\nCommit a475c5dd16e5 (\"gfs2: Free quota data objects synchronously\")\nstarted freeing quota data objects during filesystem shutdown instead of\nputting them back onto the LRU list, but it failed to remove these\nobjects from the LRU list, causing LRU list corruption.  This caused\nuse-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access\nalready-freed objects on the LRU list.\n\nFix this by removing qd objects from the LRU list before freeing them in\nqd_put().\n\nInitial fix from Deepanshu Kartikey \u003ckartikey406@gmail.com\u003e.","modified":"2026-06-27T11:55:36.189528490Z","published":"2026-05-27T12:15:41.057Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45861.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1d47922b98046b8070a77347fb883a6523792803"},{"type":"WEB","url":"https://git.kernel.org/stable/c/22150a7d401d9e9169b9b68e05bed95f7f49bf69"},{"type":"WEB","url":"https://git.kernel.org/stable/c/80fff26d7a0c3926b511661c27eecc811a420eef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ca7c67bdd293089b3483f18886d6b2d0037d2ad9"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45861.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45861"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a475c5dd16e57c570113eccba51955b5df8bb052"},{"fixed":"ca7c67bdd293089b3483f18886d6b2d0037d2ad9"},{"fixed":"1d47922b98046b8070a77347fb883a6523792803"},{"fixed":"80fff26d7a0c3926b511661c27eecc811a420eef"},{"fixed":"22150a7d401d9e9169b9b68e05bed95f7f49bf69"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45861.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.6.0"},{"fixed":"6.12.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45861.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}