CVE-2026-23109

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse, traditionally does not have data integrity semantics, there is no need to wait at all; we can simply skip these inodes. This restores fuse back to prior behavior where syncs are no-ops. This fixes a user regression where if a system is running a faulty fuse server that does not reply to issued write requests, this causes wait_sb_inodes() to wait forever.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3f4ed5e2b8f111553562507ad6202432c7c57731	Patch
https://git.kernel.org/stable/c/f9a49aa302a05e91ca01f69031cb79a0ea33031f	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::

History

No history.

Information

Published : 2026-02-04 17:16

Updated : 2026-03-18 14:10

NVD link : CVE-2026-23109

Mitre link : CVE-2026-23109

CVE.ORG link : CVE-2026-23109

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2026-23109", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-02-04T17:16:21.783", "references": [{"url": "https://git.kernel.org/stable/c/3f4ed5e2b8f111553562507ad6202432c7c57731", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f9a49aa302a05e91ca01f69031cb79a0ea33031f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()\n\nAbove the while() loop in wait_sb_inodes(), we document that we must wait\nfor all pages under writeback for data integrity. Consequently, if a\nmapping, like fuse, traditionally does not have data integrity semantics,\nthere is no need to wait at all; we can simply skip these inodes.\n\nThis restores fuse back to prior behavior where syncs are no-ops. This\nfixes a user regression where if a system is running a faulty fuse server\nthat does not reply to issued write requests, this causes wait_sb_inodes()\nto wait forever."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfs/writeback: omitir los mapeos AS_NO_DATA_INTEGRITY en wait_sb_inodes()\n\nPor encima del bucle while() en wait_sb_inodes(), documentamos que debemos esperar por todas las p\u00e1ginas en proceso de escritura para la integridad de los datos. En consecuencia, si un mapeo, como fuse, tradicionalmente no tiene sem\u00e1ntica de integridad de datos, no hay necesidad de esperar en absoluto; podemos simplemente omitir estos inodos.\n\nEsto restaura fuse a su comportamiento anterior donde las sincronizaciones son no-ops. Esto corrige una regresi\u00f3n de usuario donde si un sistema est\u00e1 ejecutando un servidor fuse defectuoso que no responde a las solicitudes de escritura emitidas, esto hace que wait_sb_inodes() espere indefinidamente."}], "lastModified": "2026-03-18T14:10:20.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "467E1359-7F6A-4790-AC45-172024944460", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}