Description
In the Linux kernel, the following vulnerability has been resolved:

flex_proportions: make fprop_new_period() hardirq safe

Bernd has reported a lockdep splat from flexible proportions code that is
essentially complaining about the following race:

<timer fires>
run_timer_softirq - we are in softirq context
  call_timer_fn
    writeout_period
      fprop_new_period
        write_seqcount_begin(&p->sequence);

        <hardirq is raised>
        ...
        blk_mq_end_request()
          blk_update_request()
            ext4_end_bio()
              folio_end_writeback()
                __wb_writeout_add()
                  __fprop_add_percpu_max()
                    if (unlikely(max_frac < FPROP_FRAC_BASE)) {
                      fprop_fraction_percpu()
                        seq = read_seqcount_begin(&p->sequence);
                          - sees odd sequence so loops indefinitely

Note that a deadlock like this is only possible if the bdi has configured
maximum fraction of writeout throughput which is very rare in general but
frequent for example for FUSE bdis. To fix this problem we have to make
sure write section of the sequence counter is irqsafe.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service through a deadlock or infinite loop
Action: Apply Patch
AI Analysis

Impact

In the Linux kernel, a race condition exists in the flexible proportions code: fprop_new_period() opens the write section of a sequence counter without making it interrupt-safe. If a hardirq is raised on the same CPU inside that write section, the I/O completion path reaches fprop_fraction_percpu(), reads an odd sequence value, and loops indefinitely, because the interrupted writer cannot resume to complete the update. This deadlock stalls the writeback path, potentially leading to severe performance degradation or system unresponsiveness. The race is only reachable when a backing device (BDI) has a maximum writeout throughput fraction configured, which is rare in general but frequent on FUSE devices.
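
A single-CPU userspace model of the race described above, added here as an illustration; it is not kernel code or the upstream patch, and `seqcount_model`, `reader_in_hardirq`, `new_period_model`, `irqs_enabled` and `SPIN_LIMIT` are hypothetical names. The bounded spin stands in for the kernel reader's unbounded retry loop.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added userspace model, not kernel code: one CPU, one sequence counter.
 * An odd sequence value means a write section is in progress. */
struct seqcount_model { unsigned sequence; };

static bool irqs_enabled = true;  /* models this CPU's interrupt flag */
#define SPIN_LIMIT 1000           /* model-only bound; the kernel reader has none */

/* Reader side, shaped like read_seqcount_begin(): spin until the value is even.
 * Returns spins taken, or -1 when the model's bound is hit (livelock). */
static int reader_in_hardirq(const struct seqcount_model *s)
{
    int spins = 0;
    while (s->sequence & 1)
        if (++spins >= SPIN_LIMIT)
            return -1;
    return spins;
}

/* Writer side, shaped like fprop_new_period(). A hardirq becomes pending in
 * the middle of the write section: it runs at once if interrupts are on,
 * otherwise only after they are unmasked. Returns the reader's result. */
static int new_period_model(struct seqcount_model *s, bool irqsafe)
{
    bool saved = irqs_enabled;

    if (irqsafe)
        irqs_enabled = false;          /* mask interrupts before writing */
    s->sequence++;                     /* write section begins: odd */
    if (irqs_enabled)
        return reader_in_hardirq(s);   /* spins on odd; writer never resumes */
    s->sequence++;                     /* write section ends: even */
    irqs_enabled = saved;              /* unmask: the held-off hardirq runs now */
    return reader_in_hardirq(s);
}

int main(void)
{
    struct seqcount_model a = {0}, b = {0};
    printf("unsafe writer, reader result:  %d\n", new_period_model(&a, false));
    printf("irqsafe writer, reader result: %d\n", new_period_model(&b, true));
    return 0;
}
```

A result of -1 marks the case where the reader can never make progress; the interrupt-safe variant lets the reader finish with zero retries.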

Affected Systems

The flaw affects the Linux kernel across all releases that use the flexible proportions mechanism. At a minimum, the 6.19 release candidates 1 through 7 are known to be impacted, and any kernel version that has not yet applied the patch will also be vulnerable when the BDI maximum fraction is configured in a non‑default way.

Risk and Exploitability

The CVSS score is 5.5 indicating moderate severity, and the EPSS score is below 1%, suggesting a very low probability of widespread exploitation. The flaw is not present in CISA’s KEV list. Exploitation would require an attacker to be able to trigger the specific race condition which in practice is likely confined to local or privileged users with the ability to modify BDI write‑out settings or generate the necessary workloads. The impact is a denial of service rather than confidentiality or integrity compromise.

Generated by OpenCVE AI on April 17, 2026 at 19:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the system to a Linux kernel that includes the patch for flex_proportions (e.g., any kernel version newer than the 6.19 release candidates that contain the fix).
  • If an immediate kernel upgrade is not possible, configure block devices to avoid a high maximum write‑out throughput fraction—set the BDI write‑out fraction to its default or zero to eliminate the race condition path.
  • On systems that use FUSE block devices, disable or reduce the BDI write‑out fraction, or avoid write‑heavy workloads until the kernel is updated.

Generated by OpenCVE AI on April 17, 2026 at 19:30 UTC.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 20:00:00 +0000

Weaknesses
  Added: CWE-362, CWE-574

Wed, 18 Mar 2026 15:15:00 +0000

Weaknesses
  Added: NVD-CWE-noinfo
CPEs
  Added:
    cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
Metrics
  Removed: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  Added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 16 Feb 2026 12:15:00 +0000

References
Metrics
  Removed: threat_severity None
  Added: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  Added: threat_severity Moderate


Sat, 14 Feb 2026 16:15:00 +0000

Description
  Added: In the Linux kernel, the following vulnerability has been resolved: flex_proportions: make fprop_new_period() hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: <timer fires> run_timer_softirq - we are in softirq context call_timer_fn writeout_period fprop_new_period write_seqcount_begin(&p->sequence); <hardirq is raised> ... blk_mq_end_request() blk_update_request() ext4_end_bio() folio_end_writeback() __wb_writeout_add() __fprop_add_percpu_max() if (unlikely(max_frac < FPROP_FRAC_BASE)) { fprop_fraction_percpu() seq = read_seqcount_begin(&p->sequence); - sees odd sequence so loops indefinitely Note that a deadlock like this is only possible if the bdi has configured maximum fraction of writeout throughput which is very rare in general but frequent for example for FUSE bdis. To fix this problem we have to make sure write section of the sequence counter is irqsafe.
Title
  Added: flex_proportions: make fprop_new_period() hardirq safe
First Time appeared
  Added: Linux
  Added: Linux linux Kernel
CPEs
  Added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products
  Added: Linux
  Added: Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T16:01:31.465Z

Reserved: 2026-01-13T15:37:45.981Z

Link: CVE-2026-23168

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-14T16:15:57.023

Modified: 2026-03-18T15:00:47.557

Link: CVE-2026-23168

Redhat

Severity: Moderate

Public Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23168 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T19:45:25Z