Improper Update of Reference Count Affecting kernel-tools-debuginfo package, versions <1:6.1.168-202.320.amzn2023
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-AMZN2023-KERNELTOOLSDEBUGINFO-16627109
- published10 May 2026
- disclosed22 Apr 2026
Introduced: 22 Apr 2026
CVE-2026-31434 (opens in a new tab)How to fix?
Upgrade Amazon-Linux:2023 kernel-tools-debuginfo to version 1:6.1.168-202.320.amzn2023 or higher.
This issue was patched in ALAS2023-2026-1681.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools-debuginfo package and not the kernel-tools-debuginfo package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2023 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix leak of kobject name for sub-group space_info
When create_space_info_sub_group() allocates elements of space_info->sub_group[], kobject_init_and_add() is called for each element via btrfs_sysfs_add_space_info_type(). However, when check_removing_space_info() frees these elements, it does not call btrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is not called and the associated kobj->name objects are leaked.
This memory leak is reproduced by running the blktests test case zbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak feature reports the following error:
unreferenced object 0xffff888112877d40 (size 16): comm "mount", pid 1244, jiffies 4294996972 hex dump (first 16 bytes): 64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f data-reloc...... backtrace (crc 53ffde4d): __kmalloc_node_track_caller_noprof+0x619/0x870 kstrdup+0x42/0xc0 kobject_set_name_vargs+0x44/0x110 kobject_init_and_add+0xcf/0x150 btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs] create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs] create_space_info+0x211/0x320 [btrfs] btrfs_init_space_info+0x15a/0x1b0 [btrfs] open_ctree+0x33c7/0x4a50 [btrfs] btrfs_get_tree.cold+0x9f/0x1ee [btrfs] vfs_get_tree+0x87/0x2f0 vfs_cmd_create+0xbd/0x280 __do_sys_fsconfig+0x3df/0x990 do_syscall_64+0x136/0x1540 entry_SYSCALL_64_after_hwframe+0x76/0x7e
To avoid the leak, call btrfs_sysfs_remove_space_info() instead of kfree() for the elements.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31434
- https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a
- https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc
- https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949
- https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48
- https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c
- https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41