CVE-2026-43106

Source
https://cve.org/CVERecord?id=CVE-2026-43106
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43106.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43106
Downstream
Published
2026-05-06T07:40:34.365Z
Modified
2026-07-08T08:02:14.827563553Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
cachefiles: fix incorrect dentry refcount in cachefiles_cull()
Details

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: fix incorrect dentry refcount in cachefiles_cull()

The patch mentioned below changed cachefilesburyobject() to expect 2 references to the 'rep' dentry. Three of the callers were changed to use startremovingdentry() which takes an extra reference so in those cases the call gets the expected references.

However there is another call to cachefilesburyobject() in cachefilescull() which did not need to be changed to use startremoving_dentry() and so was not properly considered. It still passed the dentry with just one reference so the net result is that a reference is lost.

To meet the expectations of cachefilesburyobject(), cachefilescull() must take an extra reference before the call. It will be dropped by cachefilesbury_object().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43106.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7bb1eb45e43c4730cbc5a48b9e9295049fccdacb
Fixed
6577df7dc7a7de128442b6192c7a32195c923480
Fixed
1635c2acdde86c4f555b627aec873c8677c421ed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43106.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43106.json"