CVE-2026-23109
Unknown Unknown - Not Provided
Infinite Wait Vulnerability in Linux Kernel FUSE Writeback Handling

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse, traditionally does not have data integrity semantics, there is no need to wait at all; we can simply skip these inodes. This restores fuse back to prior behavior where syncs are no-ops. This fixes a user regression where if a system is running a faulty fuse server that does not reply to issued write requests, this causes wait_sb_inodes() to wait forever.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23109
EUVD
EUVD-2026-5432
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.16 (inc) to 6.18.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's file system writeback mechanism. Specifically, it involves the function wait_sb_inodes() which waits for all pages under writeback to ensure data integrity.

The issue arises because some mappings, like fuse (Filesystem in Userspace), traditionally do not have data integrity semantics. The vulnerability caused the system to wait indefinitely if a faulty fuse server did not respond to write requests, leading to a hang.

The fix skips waiting on these AS_NO_DATA_INTEGRITY mappings, restoring fuse behavior so that sync operations become no-ops, preventing the system from waiting forever.


How can this vulnerability impact me? :

If your system uses fuse filesystems and is connected to a faulty fuse server that does not reply to write requests, this vulnerability could cause the system to hang indefinitely during writeback operations.

This means that processes waiting for writeback completion could be blocked forever, potentially causing system instability or degraded performance.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart