5.5
CVE-2026-46061
- EPSS 0.09%
- Veröffentlicht 27.05.2026 12:57:22
- Zuletzt bearbeitet 16.06.2026 01:17:18
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
jbd2: fix deadlock in jbd2_journal_cancel_revoke()
In the Linux kernel, the following vulnerability has been resolved:
jbd2: fix deadlock in jbd2_journal_cancel_revoke()
Commit f76d4c28a46a ("fs/jbd2: use sleeping version of
__find_get_block()") changed jbd2_journal_cancel_revoke() to use
__find_get_block_nonatomic() which holds the folio lock instead of
i_private_lock. This breaks the lock ordering (folio -> buffer) and
causes an ABBA deadlock when the filesystem blocksize < pagesize:
T1 T2
ext4_mkdir()
ext4_init_new_dir()
ext4_append()
ext4_getblk()
lock_buffer() <- A
sync_blockdev()
blkdev_writepages()
writeback_iter()
writeback_get_folio()
folio_lock() <- B
ext4_journal_get_create_access()
jbd2_journal_cancel_revoke()
__find_get_block_nonatomic()
folio_lock() <- B
block_write_full_folio()
lock_buffer() <- A
This can occasionally cause generic/013 to hang.
Fix by only calling __find_get_block_nonatomic() when the passed
buffer_head doesn't belong to the bdev, which is the only case that we
need to look up its bdev alias. Otherwise, the lookup is redundant since
the found buffer_head is equal to the one we passed in.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.12.31 < 6.12.86
Linux ≫ Linux Kernel Version >= 6.14.9 < 6.15
Linux ≫ Linux Kernel Version >= 6.15.1 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
Linux ≫ Linux Kernel Version6.15 Update-
Linux ≫ Linux Kernel Version6.15 Updaterc4
Linux ≫ Linux Kernel Version6.15 Updaterc5
Linux ≫ Linux Kernel Version6.15 Updaterc6
Linux ≫ Linux Kernel Version6.15 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.008 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
https://git.kernel.org/stable/c/dff07cc98fdf6af57a7c054dc09b2050a9d5c287
https://git.kernel.org/stable/c/2b2fee890250ab647a601124471a334bb01a0790
https://git.kernel.org/stable/c/bbd943d6a2d566428324b516a37f98328dfb802d
https://git.kernel.org/stable/c/981fcc5674e67158d24d23e841523eccba19d0e7