Fluid Attacks Database

Description

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_request (rp->offset != 0), cache_release() decrements the request's readers count but never checks whether it should free the request. In cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the cache_request is removed from the queue and freed along with its buffer and cache_head reference. cache_release() lacks this cleanup. The only other path that frees requests with readers == 0 is cache_dequeue(), but it runs only when CACHE_PENDING transitions from set to clear. If that transition already happened while readers was still non-zero, cache_dequeue() will have skipped the request, and no subsequent call will clean it up. Add the same cleanup logic from cache_read() to cache_release(): after decrementing readers, check if it reached 0 with CACHE_PENDING clear, and if so, dequeue and free the cache_request.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel9	kernel	-	-
rpm rhel9	kernel-rt	-	-
rpm rhel8	kernel	-	-
rpm rhel6	kernel	-	-
rpm rhel10	kernel	-	-
rpm rhel7	kernel	-	-
rpm rhel7	kernel-rt	-	-
rpm rhel8	kernel-rt	-	-
debian 11	linux	=5.10.103-1 \|\| =5.10.103-1~bpo10+1 \|\| =5.10.106-1 \|\| =5.10.113-1 \|\| =5.10.120-1 \|\| =5.10.120-1~bpo10+1 \|\| =5.10.127-1 \|\| =5.10.127-2 \|\| =5.10.127-2~bpo10+1 \|\| =5.10.136-1 \|\| =5.10.140-1 \|\| =5.10.148-1 \|\| =5.10.149-1 \|\| =5.10.149-2 \|\| =5.10.158-1 \|\| =5.10.158-2 \|\| =5.10.162-1 \|\| =5.10.178-1 \|\| =5.10.178-2 \|\| =5.10.178-3 \|\| =5.10.179-1 \|\| =5.10.179-2 \|\| =5.10.179-3 \|\| =5.10.179-4 \|\| =5.10.179-5 \|\| =5.10.191-1 \|\| =5.10.197-1 \|\| =5.10.205-1 \|\| =5.10.205-2 \|\| =5.10.209-1 \|\| =5.10.209-2 \|\| =5.10.216-1 \|\| =5.10.218-1 \|\| =5.10.221-1 \|\| =5.10.223-1 \|\| =5.10.226-1 \|\| =5.10.234-1 \|\| =5.10.237-1 \|\| =5.10.244-1 \|\| =5.10.247-1 \|\| =5.10.249-1 \|\| =5.10.251-1 \|\| =5.10.251-3 \|\| =5.10.251-4 \|\| =5.10.251-5 \|\| =5.10.46-4 \|\| =5.10.46-5 \|\| =5.10.70-1 \|\| =5.10.70-1~bpo10+1 \|\| =5.10.84-1 \|\| =5.10.92-1 \|\| =5.10.92-1~bpo10+1 \|\| =5.10.92-2 \|\| >=0 <5.10.257-1	5.10.257-1
debian 13	linux	=6.12.38-1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.12.85-1~bpo12+1 \|\| >=0 <6.12.85-1	6.12.85-1

1-10 of 13

Aliases

1. CVE-2026-314002. NVD-2026-314003. OSV-2026-314004. OSV-DEBIAN-2026-314005. SECURITY-TRACKER-CVE-2026-31400

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.