CVE-2026-31467
Analyzed Analyzed - Analysis Complete
Deadlock in Linux Kernel EROFS Due to Memory Allocation Flaw

Publication date: 2026-04-22

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies, which can then call vm_map_ram() with GFP_KERNEL. Due to insufficient memory, vm_map_ram() may generate memory swapping I/O, which can cause submit_bio_wait to deadlock in some scenarios. Trimmed down the call stack, as follows: f2fs_submit_read_io submit_bio //bio_list is initialized. mmc_blk_mq_recovery z_erofs_endio vm_map_ram __pte_alloc_kernel __alloc_pages_direct_reclaim shrink_folio_list __swap_writepage submit_bio_wait //bio_list is non-NULL, hang!!! Use memalloc_noio_{save,restore}() to wrap up this path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-05-07
Generated
2026-05-27
AI Q&A
2026-04-22
EPSS Evaluated
2026-05-26
NVD
CVE-2026-31467
EUVD
EUVD-2026-24814
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.131 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.80 (exc)
linux linux_kernel From 5.13 (inc) to 5.15.203 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's erofs file system code. Specifically, the bio completion path in process context (such as dm-verity) calls decompression directly instead of triggering another workqueue context. This leads to a call to vm_map_ram() with GFP_KERNEL. If there is insufficient memory, vm_map_ram() may cause memory swapping I/O, which can result in a deadlock in submit_bio_wait due to a non-NULL bio_list.

The issue arises because the bio completion path does not use GFP_NOIO to prevent I/O during memory allocation, causing a circular dependency and potential deadlock.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to deadlock during certain I/O operations involving the erofs file system and dm-verity. The deadlock occurs when memory allocation triggers swapping I/O, which then waits on bio completion that is already blocked, effectively halting the affected system processes.

Such a deadlock can lead to system hangs or degraded performance, impacting system stability and availability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by adding GFP_NOIO in the bio completion path to prevent deadlocks caused by memory swapping I/O during decompression in the Linux kernel.

To mitigate this vulnerability immediately, update your Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart