CVE-2026-31465
Received Received - Intake
Writeback Sync Hang Vulnerability in Linux Kernel Filesystems

Publication date: 2026-04-22

Last updated on: 2026-04-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync (eg fuse). For superblocks with this flag set, sync kicks off writeback of dirty inodes but does not wait for the flusher threads to complete the writeback. This replaces the per-inode AS_NO_DATA_INTEGRITY mapping flag added in commit f9a49aa302a0 ("fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()"). The flag belongs at the superblock level because data integrity is a filesystem-wide property, not a per-inode one. Having this flag at the superblock level also allows us to skip having to iterate every dirty inode in wait_sb_inodes() only to skip each inode individually. Prior to this commit, mappings with no data integrity guarantees skipped waiting on writeback completion but still waited on the flusher threads to finish initiating the writeback. Waiting on the flusher threads is unnecessary. This commit kicks off writeback but does not wait on the flusher threads. This change properly addresses a recent report [1] for a suspend-to-RAM hang seen on fuse-overlayfs that was caused by waiting on the flusher threads to finish: Workqueue: pm_fs_sync pm_fs_sync_work_fn Call Trace: <TASK> __schedule+0x457/0x1720 schedule+0x27/0xd0 wb_wait_for_completion+0x97/0xe0 sync_inodes_sb+0xf8/0x2e0 __iterate_supers+0xdc/0x160 ksys_sync+0x43/0xb0 pm_fs_sync_work_fn+0x17/0xa0 process_one_work+0x193/0x350 worker_thread+0x1a1/0x310 kthread+0xfc/0x240 ret_from_fork+0x243/0x280 ret_from_fork_asm+0x1a/0x30 </TASK> On fuse this is problematic because there are paths that may cause the flusher thread to block (eg if systemd freezes the user session cgroups first, which freezes the fuse daemon, before invoking the kernel suspend. The kernel suspend triggers ->write_node() which on fuse issues a synchronous setattr request, which cannot be processed since the daemon is frozen. Or if the daemon is buggy and cannot properly complete writeback, initiating writeback on a dirty folio already under writeback leads to writeback_get_folio() -> folio_prepare_writeback() -> unconditional wait on writeback to finish, which will cause a hang). This commit restores fuse to its prior behavior before tmp folios were removed, where sync was essentially a no-op. [1] https://lore.kernel.org/linux-fsdevel/CAJnrk1a-asuvfrbKXbEwwDSctvemF+6zfhdnuzO65Pt8HsFSRw@mail.gmail.com/T/#m632c4648e9cafc4239299887109ebd880ac6c5c1
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-22
Generated
2026-05-07
AI Q&A
2026-04-22
EPSS Evaluated
2026-05-05
NVD
CVE-2026-31465
EUVD
EUVD-2026-24809
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by a kernel update that adds a superblock flag (SB_I_NO_DATA_INTEGRITY) for filesystems without data integrity guarantees, such as fuse. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

This update prevents the kernel from blocking sync operations on such filesystems, avoiding hangs during suspend-to-RAM caused by waiting on flusher threads.


Can you explain this vulnerability to me?

This vulnerability relates to the Linux kernel's handling of writeback synchronization for filesystems that do not guarantee data integrity, such as fuse. Previously, the kernel would wait on flusher threads to complete writeback during sync operations, which could cause hangs, especially in scenarios like suspend-to-RAM when the fuse daemon is frozen or buggy.

The fix introduces a superblock-level flag (SB_I_NO_DATA_INTEGRITY) to indicate filesystems without data integrity guarantees. For these filesystems, sync initiates writeback of dirty inodes but does not wait for the flusher threads to finish, preventing the system from hanging.


How can this vulnerability impact me? :

If affected, this vulnerability can cause the system to hang during sync operations, particularly during suspend-to-RAM, when using filesystems like fuse that do not guarantee data integrity. This happens because the kernel waits on flusher threads that may be blocked if the fuse daemon is frozen or malfunctioning.

Such hangs can lead to system unresponsiveness, potentially causing data loss or requiring a hard reboot, impacting system stability and availability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart