| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026021420-CVE-2026-23168-0630@gregkh>
Date: Sat, 14 Feb 2026 17:04:34 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2026-23168: flex_proportions: make fprop_new_period() hardirq safe
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
flex_proportions: make fprop_new_period() hardirq safe
Bernd has reported a lockdep splat from flexible proportions code that is
essentially complaining about the following race:
<timer fires>
run_timer_softirq - we are in softirq context
call_timer_fn
writeout_period
fprop_new_period
write_seqcount_begin(&p->sequence);
<hardirq is raised>
...
blk_mq_end_request()
blk_update_request()
ext4_end_bio()
folio_end_writeback()
__wb_writeout_add()
__fprop_add_percpu_max()
if (unlikely(max_frac < FPROP_FRAC_BASE)) {
fprop_fraction_percpu()
seq = read_seqcount_begin(&p->sequence);
- sees odd sequence so loops indefinitely
Note that a deadlock like this is only possible if the bdi has configured
maximum fraction of writeout throughput which is very rare in general but
frequent for example for FUSE bdis. To fix this problem we have to make
sure write section of the sequence counter is irqsafe.
The Linux kernel CVE team has assigned CVE-2026-23168 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.0 with commit a91befde350375b1ff954635acdde14dc92cd9a8 and fixed in 6.1.162 with commit 0acc9ba7a1b5ba4d998c5753e709be904e179b75
Issue introduced in 6.0 with commit a91befde350375b1ff954635acdde14dc92cd9a8 and fixed in 6.6.123 with commit 884b2590ffcc7222cbbd6298051f4c243cc36f5d
Issue introduced in 6.0 with commit a91befde350375b1ff954635acdde14dc92cd9a8 and fixed in 6.12.69 with commit 78ede9ebd679dadf480dce6f7b798e3603f88348
Issue introduced in 6.0 with commit a91befde350375b1ff954635acdde14dc92cd9a8 and fixed in 6.18.9 with commit b91a84299d72ae0e05551e851e47cd3008bd025b
Issue introduced in 6.0 with commit a91befde350375b1ff954635acdde14dc92cd9a8 and fixed in 6.19 with commit dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2026-23168
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
lib/flex_proportions.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/0acc9ba7a1b5ba4d998c5753e709be904e179b75
https://git.kernel.org/stable/c/884b2590ffcc7222cbbd6298051f4c243cc36f5d
https://git.kernel.org/stable/c/78ede9ebd679dadf480dce6f7b798e3603f88348
https://git.kernel.org/stable/c/b91a84299d72ae0e05551e851e47cd3008bd025b
https://git.kernel.org/stable/c/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc
Powered by blists - more mailing lists