In the Linux kernel, the following vulnerability has been resolved:
gfs2: fix memory leaks in gfs2fillsuper error path
Fix two memory leaks in the gfs2fillsuper() error handling path when transitioning a filesystem to read-write mode fails.
First leak: kthread objects (threadstruct, taskstruct, etc.) When gfs2freezelockshared() fails after initthreads() succeeds, the created kernel threads (logd and quotad) are never destroyed. This occurs because the failpernode label doesn't call gfs2destroythreads().
Second leak: quota bitmap buffer (8192 bytes) When gfs2makefsrw() fails after gfs2quota_init() succeeds but before other operations complete, the allocated quota bitmap is never freed.
The fix moves thread cleanup to the failpernode label to handle all error paths uniformly. gfs2destroythreads() is safe to call unconditionally as it checks for NULL pointers. Quota cleanup is added in gfs2makefs_rw() to properly handle the withdrawal case where quota initialization succeeds but the filesystem is then withdrawn.
Thread leak backtrace (gfs2freezelockshared failure): unreferenced object 0xffff88801d7bca80 (size 4480): copyprocess+0x3a1/0x4670 kernel/fork.c:2422 kernelclone+0xf3/0x6e0 kernel/fork.c:2779 kthreadcreateonnode+0x100/0x150 kernel/kthread.c:478 initthreads+0xab/0x350 fs/gfs2/opsfstype.c:611 gfs2fillsuper+0xe5c/0x1240 fs/gfs2/ops_fstype.c:1265
Quota leak backtrace (gfs2makefsrw failure): unreferenced object 0xffff88812de7c000 (size 8192): gfs2quotainit+0xe5/0x820 fs/gfs2/quota.c:1409 gfs2makefsrw+0x7a/0xe0 fs/gfs2/super.c:149 gfs2fillsuper+0xfbb/0x1240 fs/gfs2/ops_fstype.c:1275
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45961.json",
"cna_assigner": "Linux"
}