CVE-2026-23168 (GCVE-0-2026-23168)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:01 – Updated: 2026-02-14 16:01
VLAI?
Title
flex_proportions: make fprop_new_period() hardirq safe
Summary
In the Linux kernel, the following vulnerability has been resolved:
flex_proportions: make fprop_new_period() hardirq safe
Bernd has reported a lockdep splat from flexible proportions code that is
essentially complaining about the following race:
<timer fires>
run_timer_softirq - we are in softirq context
call_timer_fn
writeout_period
fprop_new_period
write_seqcount_begin(&p->sequence);
<hardirq is raised>
...
blk_mq_end_request()
blk_update_request()
ext4_end_bio()
folio_end_writeback()
__wb_writeout_add()
__fprop_add_percpu_max()
if (unlikely(max_frac < FPROP_FRAC_BASE)) {
fprop_fraction_percpu()
seq = read_seqcount_begin(&p->sequence);
- sees odd sequence so loops indefinitely
Note that a deadlock like this is only possible if the bdi has configured
maximum fraction of writeout throughput which is very rare in general but
frequent for example for FUSE bdis. To fix this problem we have to make
sure write section of the sequence counter is irqsafe.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a91befde350375b1ff954635acdde14dc92cd9a8 , < 0acc9ba7a1b5ba4d998c5753e709be904e179b75
(git)
Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < 884b2590ffcc7222cbbd6298051f4c243cc36f5d (git) Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < 78ede9ebd679dadf480dce6f7b798e3603f88348 (git) Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < b91a84299d72ae0e05551e851e47cd3008bd025b (git) Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/flex_proportions.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0acc9ba7a1b5ba4d998c5753e709be904e179b75",
"status": "affected",
"version": "a91befde350375b1ff954635acdde14dc92cd9a8",
"versionType": "git"
},
{
"lessThan": "884b2590ffcc7222cbbd6298051f4c243cc36f5d",
"status": "affected",
"version": "a91befde350375b1ff954635acdde14dc92cd9a8",
"versionType": "git"
},
{
"lessThan": "78ede9ebd679dadf480dce6f7b798e3603f88348",
"status": "affected",
"version": "a91befde350375b1ff954635acdde14dc92cd9a8",
"versionType": "git"
},
{
"lessThan": "b91a84299d72ae0e05551e851e47cd3008bd025b",
"status": "affected",
"version": "a91befde350375b1ff954635acdde14dc92cd9a8",
"versionType": "git"
},
{
"lessThan": "dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc",
"status": "affected",
"version": "a91befde350375b1ff954635acdde14dc92cd9a8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/flex_proportions.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.123",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.69",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.123",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.69",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nflex_proportions: make fprop_new_period() hardirq safe\n\nBernd has reported a lockdep splat from flexible proportions code that is\nessentially complaining about the following race:\n\n\u003ctimer fires\u003e\nrun_timer_softirq - we are in softirq context\n call_timer_fn\n writeout_period\n fprop_new_period\n write_seqcount_begin(\u0026p-\u003esequence);\n\n \u003chardirq is raised\u003e\n ...\n blk_mq_end_request()\n\t blk_update_request()\n\t ext4_end_bio()\n\t folio_end_writeback()\n\t\t__wb_writeout_add()\n\t\t __fprop_add_percpu_max()\n\t\t if (unlikely(max_frac \u003c FPROP_FRAC_BASE)) {\n\t\t fprop_fraction_percpu()\n\t\t\tseq = read_seqcount_begin(\u0026p-\u003esequence);\n\t\t\t - sees odd sequence so loops indefinitely\n\nNote that a deadlock like this is only possible if the bdi has configured\nmaximum fraction of writeout throughput which is very rare in general but\nfrequent for example for FUSE bdis. To fix this problem we have to make\nsure write section of the sequence counter is irqsafe."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-14T16:01:31.465Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0acc9ba7a1b5ba4d998c5753e709be904e179b75"
},
{
"url": "https://git.kernel.org/stable/c/884b2590ffcc7222cbbd6298051f4c243cc36f5d"
},
{
"url": "https://git.kernel.org/stable/c/78ede9ebd679dadf480dce6f7b798e3603f88348"
},
{
"url": "https://git.kernel.org/stable/c/b91a84299d72ae0e05551e851e47cd3008bd025b"
},
{
"url": "https://git.kernel.org/stable/c/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc"
}
],
"title": "flex_proportions: make fprop_new_period() hardirq safe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23168",
"datePublished": "2026-02-14T16:01:31.465Z",
"dateReserved": "2026-01-13T15:37:45.981Z",
"dateUpdated": "2026-02-14T16:01:31.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23168\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-14T16:15:57.023\",\"lastModified\":\"2026-02-14T16:15:57.023\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nflex_proportions: make fprop_new_period() hardirq safe\\n\\nBernd has reported a lockdep splat from flexible proportions code that is\\nessentially complaining about the following race:\\n\\n\u003ctimer fires\u003e\\nrun_timer_softirq - we are in softirq context\\n call_timer_fn\\n writeout_period\\n fprop_new_period\\n write_seqcount_begin(\u0026p-\u003esequence);\\n\\n \u003chardirq is raised\u003e\\n ...\\n blk_mq_end_request()\\n\\t blk_update_request()\\n\\t ext4_end_bio()\\n\\t folio_end_writeback()\\n\\t\\t__wb_writeout_add()\\n\\t\\t __fprop_add_percpu_max()\\n\\t\\t if (unlikely(max_frac \u003c FPROP_FRAC_BASE)) {\\n\\t\\t fprop_fraction_percpu()\\n\\t\\t\\tseq = read_seqcount_begin(\u0026p-\u003esequence);\\n\\t\\t\\t - sees odd sequence so loops indefinitely\\n\\nNote that a deadlock like this is only possible if the bdi has configured\\nmaximum fraction of writeout throughput which is very rare in general but\\nfrequent for example for FUSE bdis. To fix this problem we have to make\\nsure write section of the sequence counter is irqsafe.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0acc9ba7a1b5ba4d998c5753e709be904e179b75\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/78ede9ebd679dadf480dce6f7b798e3603f88348\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/884b2590ffcc7222cbbd6298051f4c243cc36f5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b91a84299d72ae0e05551e851e47cd3008bd025b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…