
CVE-2026-23047

In the Linux kernel, the following vulnerability has been resolved:

libceph: make calc_target() set t->paused, not just clear it

Currently calc_target() clears t->paused if the request shouldn't be
paused anymore, but doesn't ever set t->paused even though it's able to
determine when the request should be paused.  Setting t->paused is left
to __submit_request() which is fine for regular requests but doesn't
work for linger requests -- since __submit_request() doesn't operate
on linger requests, there is nowhere for lreq->t.paused to be set.
One consequence of this is that watches don't get reestablished on
paused -> unpaused transitions in cases where requests have been paused
long enough for the (paused) unwatch request to time out and for the
subsequent (re)watch request to enter the paused state.  On top of the
watch not getting reestablished, rbd_reregister_watch() gets stuck with
rbd_dev->watch_mutex held:

  rbd_register_watch
    __rbd_register_watch
      ceph_osdc_watch
        linger_reg_commit_wait

It's waiting for lreq->reg_commit_wait to be completed, but for that to
happen the respective request needs to end up on need_resend_linger list
and be kicked when requests are unpaused.  There is no chance for that
if the request in question is never marked paused in the first place.

The fact that rbd_dev->watch_mutex remains taken out forever then
prevents the image from getting unmapped -- "rbd unmap" would inevitably
hang in D state on an attempt to grab the mutex.
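
An added illustration, not kernel code and not part of the CVE record: a simplified user-space C model of the paused-flag logic described above, showing why a linger request submitted while requests are paused is never picked up for resend. Only `calc_target()` and `paused` come from the description; every other name, and the `fixed` switch, are assumptions made for this example.

```c
/* Simplified user-space model of the behaviour described in the record.
 * Not kernel source: every name except calc_target/paused is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct target { bool paused; };
enum calc_result { CALC_NO_ACTION, CALC_NEED_RESEND };

/* fixed == false: old behaviour, t->paused is only ever cleared here.
 * fixed == true:  patched behaviour, t->paused is also set here. */
static enum calc_result calc_target(struct target *t, bool should_pause, bool fixed)
{
    if (t->paused && !should_pause) {
        t->paused = false;
        return CALC_NEED_RESEND;   /* paused -> unpaused: request must be kicked */
    }
    if (fixed && !t->paused && should_pause)
        t->paused = true;
    return CALC_NO_ACTION;
}

/* Submit one request while requests are paused, then unpause.
 * Returns true if the request is selected for resend on the transition. */
static bool resent_after_unpause(bool is_linger, bool fixed)
{
    struct target t = { .paused = false };

    calc_target(&t, true, fixed);  /* target calculated while paused */
    if (!is_linger)
        t.paused = true;           /* regular path: the submit step sets the flag */

    /* Unpause: only a request already marked paused is queued for resend. */
    return calc_target(&t, false, fixed) == CALC_NEED_RESEND;
}

int main(void)
{
    printf("regular, old calc_target: %s\n",
           resent_after_unpause(false, false) ? "resent" : "stuck");
    printf("linger,  old calc_target: %s\n",
           resent_after_unpause(true, false) ? "resent" : "stuck");
    printf("linger,  new calc_target: %s\n",
           resent_after_unpause(true, true) ? "resent" : "stuck");
    return 0;
}
```
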

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version < | Version | Status |
|---|---|---|
| 2b3329b3c29d9e188e40d902d5230c2d5989b940 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 5d0dc83cb9a69c1d0bea58f1c430199b05f6b021 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 4d3399c52e0e61720ae898f5a0b5b75d4460ae24 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 4ebc711b738d139cabe2fc9e7e7749847676a342 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 6f468f6ff233c6a81e0e761d9124e982903fe9a5 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 5647d42c47b535573b63e073e91164d6a5bb058c | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| c0fe2994f9a9d0a2ec9e42441ea5ba74b6a16176 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version <= | Version | Status |
|---|---|---|
| 5.10.* | 5.10.248 | unaffected |
| 5.15.* | 5.15.198 | unaffected |
| 6.1.* | 6.1.161 | unaffected |
| 6.6.* | 6.6.121 | unaffected |
| 6.12.* | 6.12.66 | unaffected |
| 6.18.* | 6.18.6 | unaffected |
| * | 6.19-rc5 | unaffected |

No CISA KEV or CERT.AT warning was found for this CVE.
No metrics (CVSS, EPSS) have been published for this CVE yet.
No CWE information has been published yet.