CVE-2026-46061
Analyzed Analyzed - Analysis Complete
Deadlock in Linux Kernel JBD2 Journaling Layer

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2_journal_cancel_revoke() Commit f76d4c28a46a ("fs/jbd2: use sleeping version of __find_get_block()") changed jbd2_journal_cancel_revoke() to use __find_get_block_nonatomic() which holds the folio lock instead of i_private_lock. This breaks the lock ordering (folio -> buffer) and causes an ABBA deadlock when the filesystem blocksize < pagesize: T1 T2 ext4_mkdir() ext4_init_new_dir() ext4_append() ext4_getblk() lock_buffer() <- A sync_blockdev() blkdev_writepages() writeback_iter() writeback_get_folio() folio_lock() <- B ext4_journal_get_create_access() jbd2_journal_cancel_revoke() __find_get_block_nonatomic() folio_lock() <- B block_write_full_folio() lock_buffer() <- A This can occasionally cause generic/013 to hang. Fix by only calling __find_get_block_nonatomic() when the passed buffer_head doesn't belong to the bdev, which is the only case that we need to look up its bdev alias. Otherwise, the lookup is redundant since the found buffer_head is equal to the one we passed in.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46061
EUVD
EUVD-2026-32443
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel From 6.14.9 (inc) to 6.15 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 6.12.31 (inc) to 6.12.86 (exc)
linux linux_kernel From 6.15.1 (inc) to 6.18.27 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a deadlock issue in the Linux kernel's jbd2 journaling system, specifically in the function jbd2_journal_cancel_revoke().

A code change caused the function to use __find_get_block_nonatomic(), which holds a folio lock instead of the previous i_private_lock. This change breaks the expected lock ordering (folio lock before buffer lock), leading to an ABBA deadlock scenario when the filesystem block size is smaller than the page size.

The deadlock occurs because two threads try to acquire locks in conflicting orders, causing the system to hang occasionally.

The fix involves only calling __find_get_block_nonatomic() when necessary, avoiding redundant lookups and preventing the deadlock.

Impact Analysis

This vulnerability can cause the system to hang due to a deadlock in the filesystem journaling process.

Such hangs can lead to degraded system performance, unresponsiveness, and potential data access delays or failures.

In environments relying on the Linux kernel for critical operations, this could impact availability and reliability.

Detection Guidance

This vulnerability causes an ABBA deadlock in the Linux kernel's jbd2 journaling system, which can occasionally cause the generic/013 process to hang.

Detection can focus on identifying system hangs or deadlocks related to filesystem operations, especially those involving ext4 and jbd2 journaling.

You can monitor for hung processes or deadlocks using commands like:

  • ps -ef | grep generic/013 # Check if the generic/013 process is hung
  • dmesg | grep -i deadlock # Look for kernel deadlock messages
  • cat /proc/locks # Check for lock contention
  • perf lock record && perf lock report # Analyze lock contention and deadlocks

Since the issue is related to lock ordering in jbd2_journal_cancel_revoke(), monitoring filesystem-related kernel logs and system hangs during heavy ext4 filesystem operations may help detect the vulnerability.

Mitigation Strategies

The vulnerability is fixed by a kernel patch that changes jbd2_journal_cancel_revoke() to only call __find_get_block_nonatomic() when necessary, avoiding the lock ordering deadlock.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix (commit f76d4c28a46a or later).
  • Avoid running heavy filesystem operations on ext4 filesystems with blocksize smaller than the page size until the patch is applied.
  • Monitor system logs and processes for signs of deadlock or hangs and restart affected services or the system if necessary.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46061. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart