Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2026-53060

Published: Jun 24, 2026 | Modified: Jun 24, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-53060
CWEhttps://cwe.mitre.org/data/definitions/.html

In the Linux kernel, the following vulnerability has been resolved:

dm cache metadata: fix memory leak on metadata abort retry

When failing to acquire the root_lock in dm_cache_metadata_abort because the block_manager is read-only, the temporary block_manager created outside the root_lock is not properly released, causing a memory leak.

Reproduce steps:

This can be reproduced by reloading a new table while the metadata is read-only. While the second call to dm_cache_metadata_abort is caused by lack of support for table preload in dm-cache, mentioned in commit 9b1cc9f251af (dm cache: share cache-metadata object across inactive and active DM tables), it exposes the memory leak in dm_cache_metadata_abort when the function is called multiple times. Specifically, dm-cache fails to sync the new cache objects mode during preresume, creating the reproducer condition.

This issue could also occur through concurrent metadata_operation_failed calls due to races in cache mode updates, but the table preload scenario below provides a reliable reproducer.

  1. Create a cache device with some faulty trailing metadata blocks

dmsetup create cmeta «EOF 0 200 linear /dev/sdc 0 200 7992 error EOF dmsetup create cdata –table 0 131072 linear /dev/sdc 8192 dmsetup create corig –table 0 262144 linear /dev/sdc 262144 dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache –table 0 131072 cache /dev/mapper/cmeta /dev/mapper/cdata /dev/mapper/corig 128 1 writethrough smq 0

  1. Suspend and resume the cache to start a new metadata transaction and trigger metadata io errors on the next metadata commit.

dmsetup suspend cache dmsetup resume cache

  1. Write to the cache device to update metadata

fio –filename=/dev/mapper/cache –name test –rw=randwrite –bs=4k –randrepeat=0 –direct=1 –size 64k

  1. Preload the same table

dmsetup reload cache –table $(dmsetup table cache)

  1. Resume the new table. This triggers the memory leak.

dmsetup suspend cache dmsetup resume cache

kmemleak logs:

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use