In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qd_put Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously") started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed to remove these objects from the LRU list, causing LRU list corruption. This caused use-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access already-freed objects on the LRU list. Fix this by removing qd objects from the LRU list before freeing them in qd_put(). Initial fix from Deepanshu Kartikey <kartikey406@gmail.com>.

A flaw was found in the Linux kernel's GFS2 file system. During filesystem shutdown, quota data objects were freed without being properly removed from the Least Recently Used (LRU) list. This oversight could lead to a use-after-free vulnerability, where the system attempts to access memory that has already been released. Such a condition can cause system instability, crashes, or potentially allow a local attacker to escalate privileges or execute arbitrary code.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Affected kernel Red Hat Enterprise Linux 7 Affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-45861 https://nvd.nist.gov/vuln/detail/CVE-2026-45861 https://lore.kernel.org/linux-cve-announce/2026052710-CVE-2026-45861-1fba@gregkh/T