In the Linux kernel, the following vulnerability has been resolved:

fs/mbcache: cancel shrink work before destroying the cache

mb_cache_destroy() calls shrinker_free() and then frees all cache
entries and the cache itself, but it does not cancel the pending
c_shrink_work work item first.

If mb_cache_entry_create() schedules c_shrink_work via schedule_work()
and the work item is still pending or running when mb_cache_destroy()
runs, mb_cache_shrink_worker() will access the cache after its memory
has been freed, causing a use-after-free.

This is only reachable by a privileged user (root or CAP_SYS_ADMIN)
who can trigger the last put of a mounted ext2/ext4/ocfs2 filesystem.

Cancel the work item with cancel_work_sync() before calling
shrinker_free(), ensuring the worker has finished and will not be
rescheduled before the cache is torn down.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
c2f3140fe2eceb3a6c1615b2648b9471544881c6 affected < a88d39a74a208e197c03bffaa2df34de732af19f
c2f3140fe2eceb3a6c1615b2648b9471544881c6 affected < 0e4eff315d799f5842b95872199b0f0fb8ef5f51
c2f3140fe2eceb3a6c1615b2648b9471544881c6 affected < b25fd3523bef88fb7ffd4c5b63bbe9c08f73bb4c
c2f3140fe2eceb3a6c1615b2648b9471544881c6 affected < d227786ab1119669df4dc333a61510c52047cce4
Linux Linux affected
Version Status Constraints
4.6 affected
0 unaffected < 4.6
6.12.91 unaffected ≤ 6.12.*
6.18.33 unaffected ≤ 6.18.*
7.0.10 unaffected ≤ 7.0.*
7.1 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/0e4eff315d799f5842b95872199b0f0fb8ef5f51 cve-icon
https://git.kernel.org/stable/c/a88d39a74a208e197c03bffaa2df34de732af19f cve-icon
https://git.kernel.org/stable/c/b25fd3523bef88fb7ffd4c5b63bbe9c08f73bb4c cve-icon
https://git.kernel.org/stable/c/d227786ab1119669df4dc333a61510c52047cce4 cve-icon
History

Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mb_cache_destroy() calls shrinker_free() and then frees all cache entries and the cache itself, but it does not cancel the pending c_shrink_work work item first. If mb_cache_entry_create() schedules c_shrink_work via schedule_work() and the work item is still pending or running when mb_cache_destroy() runs, mb_cache_shrink_worker() will access the cache after its memory has been freed, causing a use-after-free. This is only reachable by a privileged user (root or CAP_SYS_ADMIN) who can trigger the last put of a mounted ext2/ext4/ocfs2 filesystem. Cancel the work item with cancel_work_sync() before calling shrinker_free(), ensuring the worker has finished and will not be rescheduled before the cache is torn down.
Title fs/mbcache: cancel shrink work before destroying the cache
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:56.562Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53129

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:45:03Z

Weaknesses