DEBIAN-CVE-2026-23032

In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and inithctxfaultinject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f inithctxfault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): _kmallocnodetrackcallernoprof+0x494/0xbd8 kvasprintf+0x74/0xf4 configitemsetname+0xf0/0x104 configgroupinittypename+0x48/0xfc faultconfiginit+0x48/0xf0 0xc0080000180559e4 configfsmkdir+0x304/0x814 vfsmkdir+0x49c/0x604 domkdirat+0x314/0x3d0 sysmkdir+0xa0/0xd8 systemcallexception+0x1b0/0x4f0 systemcallvectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group.