7.5
CVE-2026-31598
- EPSS 0.44%
- Veröffentlicht 24.04.2026 14:42:23
- Zuletzt bearbeitet 01.06.2026 17:16:50
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ocfs2: fix possible deadlock between unlink and dio_end_io_write
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix possible deadlock between unlink and dio_end_io_write
ocfs2_unlink takes orphan dir inode_lock first and then ip_alloc_sem,
while in ocfs2_dio_end_io_write, it acquires these locks in reverse order.
This creates an ABBA lock ordering violation on lock classes
ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] and
ocfs2_file_ip_alloc_sem_key.
Lock Chain #0 (orphan dir inode_lock -> ip_alloc_sem):
ocfs2_unlink
ocfs2_prepare_orphan_dir
ocfs2_lookup_lock_orphan_dir
inode_lock(orphan_dir_inode) <- lock A
__ocfs2_prepare_orphan_dir
ocfs2_prepare_dir_for_insert
ocfs2_extend_dir
ocfs2_expand_inline_dir
down_write(&oi->ip_alloc_sem) <- Lock B
Lock Chain #1 (ip_alloc_sem -> orphan dir inode_lock):
ocfs2_dio_end_io_write
down_write(&oi->ip_alloc_sem) <- Lock B
ocfs2_del_inode_from_orphan()
inode_lock(orphan_dir_inode) <- Lock A
Deadlock Scenario:
CPU0 (unlink) CPU1 (dio_end_io_write)
------ ------
inode_lock(orphan_dir_inode)
down_write(ip_alloc_sem)
down_write(ip_alloc_sem)
inode_lock(orphan_dir_inode)
Since ip_alloc_sem is to protect allocation changes, which is unrelated
with operations in ocfs2_del_inode_from_orphan. So move
ocfs2_del_inode_from_orphan out of ip_alloc_sem to fix the deadlock.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.6 < 6.6.136
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.83
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.24
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.14
Linux ≫ Linux Kernel Version >= 7.0 < 7.0.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
https://git.kernel.org/stable/c/2b884d52273c60c298bd570163e8053657bbaff6
https://git.kernel.org/stable/c/bc0fb5c7d54c78be43a536df0e20dee32adb27d3
https://git.kernel.org/stable/c/f9fb1a7b635849322e1d7b7b6b26389778ec8e82
https://git.kernel.org/stable/c/e049f7a9bd80b7319590789ea5e1c523d6339d91
https://git.kernel.org/stable/c/b02da26a992db0c0e2559acbda0fc48d4a2fd337
https://git.kernel.org/stable/c/4b80b5a838a32437f2cae0662578bac216a2c51a
https://git.kernel.org/stable/c/297d8d7bb6a2bf133d3a3636edbdf94101cbd719
https://git.kernel.org/stable/c/32630dee18c6bb2175c8a865a474749492eaf19c
https://git.kernel.org/stable/c/93f35419eb84d58820040642cb6e7528fe4aba7a