CVE-2026-31455
Race Condition in Linux XFS Unmount Causes Potential Data Corruption
Publication date: 2026-04-22
Last updated on: 2026-05-05
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 5.11 (inc) to 5.15.203 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.168 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 5.9 (inc) to 5.10.253 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's XFS filesystem unmount process. Specifically, during the unmount sequence in the function xfs_unmount_flush_inodes(), the Active Item List (AIL) was pushed while background reclaim and inode garbage collection (inodegc) were still running. This is problematic because inodegc can modify and add inodes to the AIL during the flush, and background reclaim can race to abort and free dirty inodes, leading to inconsistent or broken behavior.
The fix involves reordering the unmount process to stop inodegc and cancel background reclaim before pushing the AIL. This ensures that no background processes interfere with the AIL during unmount, preventing potential race conditions and data corruption.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is related to the Linux kernel's xfs filesystem unmount sequence. To mitigate this vulnerability, you should update your Linux kernel to a version where the issue has been resolved. The fix involves reordering the xfs_unmount_flush_inodes() function to stop inodegc and cancel background reclaim before pushing the AIL during unmount.
- Apply the latest kernel patches or upgrade to a kernel version released after 2026-04-22 that includes the fix.
- Avoid unmounting xfs filesystems on vulnerable kernel versions until patched.
How can this vulnerability impact me? :
This vulnerability can lead to data corruption or instability during the unmounting of XFS filesystems in the Linux kernel. Because background processes can modify or free inodes while the filesystem is being unmounted, it may cause filesystem inconsistencies, potential data loss, or system crashes.