CVE-2026-31467
Analyzed - Analysis Complete
Deadlock in Linux Kernel EROFS Due to Memory Allocation Flaw

Publication date: 2026-04-22

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

erofs: add GFP_NOIO in the bio completion if needed

The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies, which can then call vm_map_ram() with GFP_KERNEL.

Due to insufficient memory, vm_map_ram() may generate memory swapping I/O, which can cause submit_bio_wait to deadlock in some scenarios.

Trimmed down the call stack, as follows:

  f2fs_submit_read_io
  submit_bio //bio_list is initialized.
  mmc_blk_mq_recovery
  z_erofs_endio
  vm_map_ram
  __pte_alloc_kernel
  __alloc_pages_direct_reclaim
  shrink_folio_list
  __swap_writepage
  submit_bio_wait //bio_list is non-NULL, hang!!!

Use memalloc_noio_{save,restore}() to wrap up this path.

Meta Information

Published: 2026-04-22
Last Modified: 2026-05-07
Generated: 2026-06-16
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Showing 11 associated CPEs

| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 5.16 (inc) to 6.1.168 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 5.13 (inc) to 5.15.203 (exc) |

| CWE ID | Description |
|--------|-------------|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |

Executive Summary

This vulnerability exists in the Linux kernel's erofs file system code. Specifically, the bio completion path in process context (such as dm-verity) calls decompression directly instead of triggering another workqueue context. This leads to a call to vm_map_ram() with GFP_KERNEL. If there is insufficient memory, vm_map_ram() may cause memory swapping I/O, which can result in a deadlock in submit_bio_wait due to a non-NULL bio_list.

The issue arises because the bio completion path does not use GFP_NOIO to prevent I/O during memory allocation, causing a circular dependency and potential deadlock.

Impact Analysis

This vulnerability can cause the Linux kernel to deadlock during certain I/O operations involving the erofs file system and dm-verity. The deadlock occurs when memory allocation triggers swapping I/O, which then waits on bio completion that is already blocked, effectively halting the affected system processes.

Such a deadlock can lead to system hangs or degraded performance, impacting system stability and availability.

Mitigation Strategies

The vulnerability has been resolved by applying GFP_NOIO in the bio completion path: the path is wrapped with memalloc_noio_{save,restore}(), so memory allocations made during decompression cannot trigger swapping I/O and deadlock.

To mitigate this vulnerability immediately, update your Linux kernel to a version that includes this fix.
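
To check a host against the affected ranges listed on this page, the following is an added example (not code from kernel.org or from this database). It assumes upstream kernel.org version numbering; distribution kernels that backport the fix under an older version number must be checked against the vendor's advisory instead. The names AFFECTED_RANGES, parse_release and classify are illustrative.

```python
import platform
import re

# (first affected, first fixed) upstream versions, copied from the table on this page.
AFFECTED_RANGES = [
    ((5, 13, 0), (5, 15, 203)),
    ((5, 16, 0), (6, 1, 168)),
    ((6, 2, 0), (6, 6, 131)),
    ((6, 7, 0), (6, 12, 80)),
    ((6, 13, 0), (6, 18, 21)),
    ((6, 19, 0), (6, 19, 11)),
]

def parse_release(release):
    """Split a `uname -r` string like '6.6.87-generic' into ((6, 6, 87), '-generic')."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, m.group(4)

def classify(release):
    """Return 'affected', 'not-listed' or 'review' for an upstream-style release string."""
    version, suffix = parse_release(release)
    # The page lists 7.0 entries without showing a qualifier, and release
    # candidates do not order cleanly against stable releases: decide by hand.
    if version[:2] == (7, 0) or re.match(r"-rc\d+", suffix):
        return "review"
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "affected"
    return "not-listed"

if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {classify(running)}")
```

A result of "not-listed" only means the version is outside the ranges shown here; "review" means the page does not give enough detail to decide automatically.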
