CVE-2026-23109
Unknown Unknown - Not Provided
Infinite Wait Vulnerability in Linux Kernel FUSE Writeback Handling

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse, traditionally does not have data integrity semantics, there is no need to wait at all; we can simply skip these inodes. This restores fuse back to prior behavior where syncs are no-ops. This fixes a user regression where if a system is running a faulty fuse server that does not reply to issued write requests, this causes wait_sb_inodes() to wait forever.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23109
EUVD
EUVD-2026-5432
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.16 (inc) to 6.18.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's file system writeback mechanism. Specifically, it involves the function wait_sb_inodes() which waits for all pages under writeback to ensure data integrity.

The issue arises because some mappings, like fuse (Filesystem in Userspace), traditionally do not have data integrity semantics. The vulnerability caused the system to wait indefinitely if a faulty fuse server did not respond to write requests, leading to a hang.

The fix skips waiting on these AS_NO_DATA_INTEGRITY mappings, restoring fuse behavior so that sync operations become no-ops, preventing the system from waiting forever.

Impact Analysis

If your system uses fuse filesystems and is connected to a faulty fuse server that does not reply to write requests, this vulnerability could cause the system to hang indefinitely during writeback operations.

This means that processes waiting for writeback completion could be blocked forever, potentially causing system instability or degraded performance.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart