{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53060","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.382Z","datePublished":"2026-06-24T16:30:04.872Z","dateUpdated":"2026-06-24T16:30:04.872Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-24T16:30:04.872Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache metadata: fix memory leak on metadata abort retry\n\nWhen failing to acquire the root_lock in dm_cache_metadata_abort because\nthe block_manager is read-only, the temporary block_manager created\noutside the root_lock is not properly released, causing a memory leak.\n\nReproduce steps:\n\nThis can be reproduced by reloading a new table while the metadata\nis read-only. While the second call to dm_cache_metadata_abort is\ncaused by lack of support for table preload in dm-cache, mentioned\nin commit 9b1cc9f251af (\"dm cache: share cache-metadata object across\ninactive and active DM tables\"), it exposes the memory leak in\ndm_cache_metadata_abort when the function is called multiple times.\nSpecifically, dm-cache fails to sync the new cache object's mode during\npreresume, creating the reproducer condition.\n\nThis issue could also occur through concurrent metadata_operation_failed\ncalls due to races in cache mode updates, but the table preload scenario\nbelow provides a reliable reproducer.\n\n1. Create a cache device with some faulty trailing metadata blocks\n\ndmsetup create cmeta <<EOF\n0 200 linear /dev/sdc 0\n200 7992 error\nEOF\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 131072 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 1 writethrough smq 0\"\n\n2. Suspend and resume the cache to start a new metadata transaction and\n   trigger metadata io errors on the next metadata commit.\n\ndmsetup suspend cache\ndmsetup resume cache\n\n3. Write to the cache device to update metadata\n\nfio --filename=/dev/mapper/cache --name test --rw=randwrite --bs=4k \\\n--randrepeat=0 --direct=1 --size 64k\n\n4. Preload the same table\n\ndmsetup reload cache --table \"$(dmsetup table cache)\"\n\n5. Resume the new table. This triggers the memory leak.\n\ndmsetup suspend cache\ndmsetup resume cache\n\nkmemleak logs:\n\n<snip>\nunreferenced object 0xffff8880080c2010 (size 16):\n  comm \"dmsetup\", pid 132, jiffies 4294982580\n  hex dump (first 16 bytes):\n    00 38 b9 07 80 88 ff ff 6a 6b 6b 6b 6b 6b 6b a5 ...\n  backtrace (crc 3118f31c):\n    kmemleak_alloc+0x28/0x40\n    __kmalloc_cache_noprof+0x3d9/0x510\n    dm_block_manager_create+0x51/0x140\n    dm_cache_metadata_abort+0x85/0x320\n    metadata_operation_failed+0x103/0x1e0\n    cache_preresume+0xacd/0xe70\n    dm_table_resume_targets+0xd3/0x320\n    __dm_resume+0x1b/0xf0\n    dm_resume+0x127/0x170\n<snip>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/dm-cache-metadata.c"],"versions":[{"version":"b45e77b79215405bd039a690f5b06cc03e8ed27d","lessThan":"14f60e957f34f95a626caec76a8fae88cf4c397f","status":"affected","versionType":"git"},{"version":"28d307f380df88a598bc0186d527462902d9bda1","lessThan":"6b97cc7a42905755c56bbddc33aa8b792205caee","status":"affected","versionType":"git"},{"version":"f74b7c5a85e22cd9091845e0d62a1dd89d0f855f","lessThan":"d1a79620c419a0af1911f99c873014b30740e303","status":"affected","versionType":"git"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"15c30997dca681f90dbf2d45ee629c1828bf0c0d","status":"affected","versionType":"git"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"b0bd35535bdb6f58505f3a30ee5793986943997a","status":"affected","versionType":"git"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"322a3b70368d49e39591fe9fc6c07d262128b05f","status":"affected","versionType":"git"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"4311ca59a1891d33c4c8b7946f98c34f167fe833","status":"affected","versionType":"git"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"044ca491d4086dc5bf233e9fcb71db52df32f633","status":"affected","versionType":"git"},{"version":"6e237cacda8b4e976849e7bff9fe7dff0e968586","status":"affected","versionType":"git"},{"version":"3972ae47d0ee9b5b434af5d0cca6cdfd1e239d4f","status":"affected","versionType":"git"},{"version":"9958f5ffc44530b650fb4cc9038a4d167fa4f5c1","status":"affected","versionType":"git"},{"version":"f472bfc95d9c9653172dbdad39219b32fabf9b92","status":"affected","versionType":"git"},{"version":"bdd4e106929ac943f3226d8f03754b480701e97b","status":"affected","versionType":"git"},{"version":"5.10.163","lessThan":"5.10.258","status":"affected","versionType":"semver"},{"version":"5.15.87","lessThan":"5.15.209","status":"affected","versionType":"semver"},{"version":"6.1.4","lessThan":"6.1.175","status":"affected","versionType":"semver"},{"version":"4.9.337","lessThan":"4.10","status":"affected","versionType":"semver"},{"version":"4.14.303","lessThan":"4.15","status":"affected","versionType":"semver"},{"version":"4.19.270","lessThan":"4.20","status":"affected","versionType":"semver"},{"version":"5.4.229","lessThan":"5.5","status":"affected","versionType":"semver"},{"version":"6.0.18","lessThan":"6.1","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/dm-cache-metadata.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.163","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.87","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.4","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.337"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f"},{"url":"https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee"},{"url":"https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303"},{"url":"https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d"},{"url":"https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a"},{"url":"https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f"},{"url":"https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833"},{"url":"https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633"}],"title":"dm cache metadata: fix memory leak on metadata abort retry","x_generator":{"engine":"bippy-1.2.0"}}}}