CVE-2026-23050
Unknown Unknown - Not Provided
Deadlock Vulnerability in Linux Kernel pNFS Delegation Handling

Publication date: 2026-02-04

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace: 0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415 1 [ffffd0b50e177548] schedule at ffffffff9ca05717 2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1 3 [ffffd0b50e177568] __wait_on_bit at ffffffff9ca05cfb 4 [ffffd0b50e1775c8] out_of_line_wait_on_bit at ffffffff9ca05ea5 5 [ffffd0b50e177618] pnfs_roc at ffffffffc154207b [nfsv4] 6 [ffffd0b50e1776b8] _nfs4_proc_delegreturn at ffffffffc1506586 [nfsv4] 7 [ffffd0b50e177788] nfs4_proc_delegreturn at ffffffffc1507480 [nfsv4] 8 [ffffd0b50e1777f8] nfs_do_return_delegation at ffffffffc1523e41 [nfsv4] 9 [ffffd0b50e177838] nfs_inode_set_delegation at ffffffffc1524a75 [nfsv4] 10 [ffffd0b50e177888] nfs4_process_delegation at ffffffffc14f41dd [nfsv4] 11 [ffffd0b50e1778a0] _nfs4_opendata_to_nfs4_state at ffffffffc1503edf [nfsv4] 12 [ffffd0b50e1778c0] _nfs4_open_and_get_state at ffffffffc1504e56 [nfsv4] 13 [ffffd0b50e177978] _nfs4_do_open at ffffffffc15051b8 [nfsv4] 14 [ffffd0b50e1779f8] nfs4_do_open at ffffffffc150559c [nfsv4] 15 [ffffd0b50e177a80] nfs4_atomic_open at ffffffffc15057fb [nfsv4] 16 [ffffd0b50e177ad0] nfs4_file_open at ffffffffc15219be [nfsv4] 17 [ffffd0b50e177b78] do_dentry_open at ffffffff9c09e6ea 18 [ffffd0b50e177ba8] vfs_open at ffffffff9c0a082e 19 [ffffd0b50e177bd0] dentry_open at ffffffff9c0a0935 The issue is that the delegreturn is being asked to wait for a layout return that cannot complete because a state recovery was initiated. The state recovery cannot complete until the open() finishes processing the delegations it was given. The solution is to propagate the existing flags that indicate a non-blocking call to the function pnfs_roc(), so that it knows not to wait in this situation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-25
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23050
EUVD
EUVD-2026-5496
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's pNFS (parallel Network File System) implementation. It causes a deadlock when returning a delegation during the open() operation.

Specifically, the problem occurs because the delegreturn function waits for a layout return that cannot complete. This happens because a state recovery process has started, which itself cannot complete until the open() finishes processing the delegations it was given. This circular wait leads to a hang or deadlock.

The fix involves propagating existing flags that indicate a non-blocking call to the pnfs_roc() function, so it knows not to wait in this situation, preventing the deadlock.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to hang or deadlock during file open operations involving pNFS delegations.

Such a deadlock can lead to system unresponsiveness or degraded performance, potentially affecting applications relying on network file systems and causing service interruptions.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a deadlock or hang in the Linux kernel related to pNFS delegation returns during open() operations.

Detection can involve monitoring for system hangs or kernel stack traces similar to the one reported, which includes functions like __schedule, pnfs_roc, and nfs4_proc_delegreturn.

You can check for kernel logs indicating hangs or deadlocks using commands such as:

  • dmesg | grep -i 'pnfs_roc'
  • journalctl -k | grep -i 'nfs4_proc_delegreturn'
  • ps -ef | grep nfs

Additionally, monitoring for processes stuck in uninterruptible sleep (D state) using:

  • ps aux | awk '$8=="D"'

may help identify hangs caused by this issue.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by propagating non-blocking flags to the pnfs_roc() function to avoid deadlocks during delegation returns.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • If updating immediately is not possible, consider restarting affected NFS services or the system to clear any existing deadlocks.
  • Monitor system logs and kernel messages for signs of the deadlock to respond promptly.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart