CVE-2026-31467
Deadlock in Linux Kernel EROFS Due to Memory Allocation Flaw
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's erofs file system code. Specifically, the bio completion path in process context (such as dm-verity) calls decompression directly instead of triggering another workqueue context. This leads to a call to vm_map_ram() with GFP_KERNEL. If there is insufficient memory, vm_map_ram() may cause memory swapping I/O, which can result in a deadlock in submit_bio_wait due to a non-NULL bio_list.
The issue arises because the bio completion path does not use GFP_NOIO to prevent I/O during memory allocation, causing a circular dependency and potential deadlock.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to deadlock during certain I/O operations involving the erofs file system and dm-verity. The deadlock occurs when memory allocation triggers swapping I/O, which then waits on bio completion that is already blocked, effectively halting the affected system processes.
Such a deadlock can lead to system hangs or degraded performance, impacting system stability and availability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by adding GFP_NOIO in the bio completion path to prevent deadlocks caused by memory swapping I/O during decompression in the Linux kernel.
To mitigate this vulnerability immediately, update your Linux kernel to a version that includes this fix.
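To decide which hosts to update first, the script below is an added example (not from the kernel project or this advisory) that flags the combination described above: an erofs mount on a device-mapper device, where dm-verity would sit, together with active swap. The device-mapper match is an assumed heuristic, the sample mount and swap lines are constructed, and a result other than `prioritize-update` does not show that a host is unaffected.

```shell
#!/bin/sh
# Added example: triage for the conditions in this advisory. Heuristic only;
# the kernel update remains the fix for every host that uses erofs.

# Print "source mountpoint" for each erofs mount in a /proc/mounts-style file.
erofs_mounts() {
    awk '$3 == "erofs" { print $1, $2 }' "$1"
}

# Count erofs mounts whose source is a device-mapper node (assumed heuristic
# for "may sit on dm-verity"; confirm the target type with dmsetup).
erofs_on_dm_count() {
    erofs_mounts "$1" |
        awk '$1 ~ /^\/dev\/mapper\// || $1 ~ /^\/dev\/dm-[0-9]+$/ { n++ } END { print n + 0 }'
}

# Succeed if a /proc/swaps-style file lists at least one swap area
# (the first line of that file is a column header).
swap_active() {
    [ "$(awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$1")" -gt 0 ]
}

# Classify a host from its mounts file ($1) and swaps file ($2).
triage() {
    total=$(erofs_mounts "$1" | wc -l | tr -d ' ')
    if [ "$total" -eq 0 ]; then
        echo "no-erofs"
    elif [ "$(erofs_on_dm_count "$1")" -gt 0 ] && swap_active "$2"; then
        echo "prioritize-update"
    else
        echo "erofs-present"
    fi
}

# Constructed sample input (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '/dev/mapper/vroot / erofs ro,relatime 0 0' \
              '/dev/sda2 /data ext4 rw,relatime 0 0' > "$demo/mounts"
printf '%s\n' 'Filename Type Size Used Priority' \
              '/dev/sda3 partition 2097148 0 -2' > "$demo/swaps"
echo "sample host: $(triage "$demo/mounts" "$demo/swaps")"
rm -rf "$demo"
```

On a live system, call `triage /proc/mounts /proc/swaps`.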