CVE-2026-23168
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-14

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: flex_proportions: make fprop_new_period() hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: <timer fires> run_timer_softirq - we are in softirq context call_timer_fn writeout_period fprop_new_period write_seqcount_begin(&p->sequence); <hardirq is raised> ... blk_mq_end_request() blk_update_request() ext4_end_bio() folio_end_writeback() __wb_writeout_add() __fprop_add_percpu_max() if (unlikely(max_frac < FPROP_FRAC_BASE)) { fprop_fraction_percpu() seq = read_seqcount_begin(&p->sequence); - sees odd sequence so loops indefinitely Note that a deadlock like this is only possible if the bdi has configured maximum fraction of writeout throughput which is very rare in general but frequent for example for FUSE bdis. To fix this problem we have to make sure write section of the sequence counter is irqsafe.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-18
Generated
2026-05-07
AI Q&A
2026-02-14
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23168
EUVD
EUVD-2026-5870
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.2 (inc) to 6.6.123 (exc)
linux linux_kernel 6.19
linux linux_kernel From 6.7 (inc) to 6.12.69 (exc)
linux linux_kernel 6.19
linux linux_kernel From 6.0 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's flexible proportions code, specifically related to the function fprop_new_period(). It involves a race condition between softirq and hardirq contexts that can cause a deadlock. When a timer fires in softirq context, it calls fprop_new_period(), which begins a write sequence. However, if a hardirq is raised during this process, the code may enter an infinite loop because it sees an odd sequence count and keeps looping indefinitely.

This deadlock occurs only if the backing device info (bdi) has configured a maximum fraction of writeout throughput, which is rare but more common in certain cases like FUSE bdis. The fix involves making the write section of the sequence counter safe against interrupts (irqsafe) to prevent this race condition.


How can this vulnerability impact me? :

This vulnerability can cause a deadlock in the Linux kernel's writeout process under certain rare conditions. Specifically, if the system uses a backing device with a configured maximum fraction of writeout throughput (such as FUSE bdis), the kernel may enter an infinite loop during writeback operations. This can lead to system instability, degraded performance, or a hang in the affected subsystem.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart