CVE-2026-53126 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current() Add the missing put_disk() on the error path in blkcg_maybe_throttle_current(). When blkcg lookup, blkg lookup, or blkg_tryget() fails, the function jumps to the out label which only calls rcu_read_unlock() but does not release the disk reference acquired by blkcg_schedule_throttle() via get_device(). Since current->throttle_disk is already set to NULL before the lookup, blkcg_exit() cannot release this reference either, causing the disk to never be freed. Restore the reference release that was present as blk_put_queue() in the original code but was inadvertently dropped during the conversion from request_queue to gendisk.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/000e8454692cab9d1f1b80130e2870e355301d06
https://git.kernel.org/stable/c/23308af722fefed00af5f238024c11710938fba3
https://git.kernel.org/stable/c/4048ed98860d3785645ebbd34f69566a6c7320c3
https://git.kernel.org/stable/c/73a5af059905d171b398c8b2381632ee499948b5
https://git.kernel.org/stable/c/b3e005f16cd98f815429a87aef4c61e9c140779f

History

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current() Add the missing put_disk() on the error path in blkcg_maybe_throttle_current(). When blkcg lookup, blkg lookup, or blkg_tryget() fails, the function jumps to the out label which only calls rcu_read_unlock() but does not release the disk reference acquired by blkcg_schedule_throttle() via get_device(). Since current->throttle_disk is already set to NULL before the lookup, blkcg_exit() cannot release this reference either, causing the disk to never be freed. Restore the reference release that was present as blk_put_queue() in the original code but was inadvertently dropped during the conversion from request_queue to gendisk.
Title		blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/000e8454692cab9d1f1b80130e2870e355301d06 https://git.kernel.org/stable/c/23308af722fefed00af5f238024c11710938fba3 https://git.kernel.org/stable/c/4048ed98860d3785645ebbd34f69566a6c7320c3 https://git.kernel.org/stable/c/73a5af059905d171b398c8b2381632ee499948b5 https://git.kernel.org/stable/c/b3e005f16cd98f815429a87aef4c61e9c140779f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:54.594Z

Updated: 2026-06-24T16:30:54.594Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53126

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object