5.5

CVE-2026-23168

EPSS 0.02%
Veröffentlicht 14.02.2026 16:15:57
Zuletzt bearbeitet 18.03.2026 15:00:47
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

flex_proportions: make fprop_new_period() hardirq safe

In the Linux kernel, the following vulnerability has been resolved:

flex_proportions: make fprop_new_period() hardirq safe

Bernd has reported a lockdep splat from flexible proportions code that is
essentially complaining about the following race:

<timer fires>
run_timer_softirq - we are in softirq context
  call_timer_fn
    writeout_period
      fprop_new_period
        write_seqcount_begin(&p->sequence);

        <hardirq is raised>
        ...
        blk_mq_end_request()
	  blk_update_request()
	    ext4_end_bio()
	      folio_end_writeback()
		__wb_writeout_add()
		  __fprop_add_percpu_max()
		    if (unlikely(max_frac < FPROP_FRAC_BASE)) {
		      fprop_fraction_percpu()
			seq = read_seqcount_begin(&p->sequence);
			  - sees odd sequence so loops indefinitely

Note that a deadlock like this is only possible if the bdi has configured
maximum fraction of writeout throughput which is very rare in general but
frequent for example for FUSE bdis.  To fix this problem we have to make
sure write section of the sequence counter is irqsafe.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

NVD 11 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.0 < 6.1.162

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.123

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.69

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.9

Linux ≫ Linux Kernel Version6.19 Updaterc1

Linux ≫ Linux Kernel Version6.19 Updaterc2

Linux ≫ Linux Kernel Version6.19 Updaterc3

Linux ≫ Linux Kernel Version6.19 Updaterc4

Linux ≫ Linux Kernel Version6.19 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc6

Linux ≫ Linux Kernel Version6.19 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.045

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0acc9ba7a1b5ba4d998c5753e709be904e179b75

Patch

https://git.kernel.org/stable/c/78ede9ebd679dadf480dce6f7b798e3603f88348

Patch

https://git.kernel.org/stable/c/884b2590ffcc7222cbbd6298051f4c243cc36f5d

Patch

https://git.kernel.org/stable/c/b91a84299d72ae0e05551e851e47cd3008bd025b

Patch

https://git.kernel.org/stable/c/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-23168

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23168

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23168

EUVD