Description
In the Linux kernel, the following vulnerability has been resolved:

Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"

This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.

Original patch may cause below deadlock, revert it.

write                               remount
- write_begin
- lock_page --- lock A
- prepare_write_begin
- f2fs_map_lock
                                    - f2fs_enable_checkpoint
                                    - down_write(cp_enable_rwsem) --- lock B
                                    - sync_inode_sb
                                    - writepages
                                    - lock_page --- lock A
- down_read(cp_enable_rwsem) --- lock A
Published: 2026-03-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via kernel lockup due to f2fs deadlock
Action: Patch Kernel
AI Analysis

Impact

The vulnerability is in the f2fs filesystem: the original patch, which blocks cache and direct I/O (dio) writes during f2fs_enable_checkpoint(), lets a write operation and a remount acquire the page lock and cp_enable_rwsem in conflicting order. This can freeze the kernel, stopping all system activity and effectively denying service. The weakness is a deadlock scenario, classified as CWE‑667.
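The conflicting lock order can be checked mechanically, in the way a lock-order validator reasons about it. The following is an added example, not code from the kernel or from this page: a userspace model that records the acquisition order of each path in the description and looks for a cycle. The names lock_class, record_path, reaches and check_deadlock are hypothetical, and the reverted write path is an assumption (that the revert removes the cp_enable_rwsem acquisition from the write side).

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named after the description's call chains (userspace model). */
enum lock_class { PAGE_LOCK, CP_ENABLE_RWSEM, NCLASS };

/* edge[a][b] is set when some path acquires b while still holding a. */
static int edge[NCLASS][NCLASS];

/* Record one path: each lock already held gets an edge to every later lock. */
static void record_path(const enum lock_class *seq, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            edge[seq[i]][seq[j]] = 1;
}

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static int reaches(int from, int to, int *seen)
{
    if (edge[from][to]) return 1;
    seen[from] = 1;
    for (int k = 0; k < NCLASS; k++)
        if (edge[from][k] && !seen[k] && reaches(k, to, seen))
            return 1;
    return 0;
}

/* Acquisition order per path, read from the description's diagram. */
static const enum lock_class write_path[] = { PAGE_LOCK, CP_ENABLE_RWSEM };
static const enum lock_class remount_path[] = { CP_ENABLE_RWSEM, PAGE_LOCK };
/* Assumption: after the revert the write path no longer takes cp_enable_rwsem. */
static const enum lock_class write_reverted[] = { PAGE_LOCK };

/* Returns 1 if the recorded orders contain a cycle (possible deadlock), else 0. */
int check_deadlock(int reverted)
{
    memset(edge, 0, sizeof edge);
    record_path(reverted ? write_reverted : write_path, reverted ? 1 : 2);
    record_path(remount_path, 2);
    for (int a = 0; a < NCLASS; a++) {
        int seen[NCLASS] = { 0 };
        if (reaches(a, a, seen))
            return 1;
    }
    return 0;
}

int main(void) { printf("with original patch: %d, reverted: %d\n", check_deadlock(0), check_deadlock(1)); return 0; }
```

The depth-first search is more general than the two-lock case needs: it also finds cycles that pass through three or more lock classes if further paths are recorded.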

Affected Systems

The flaw affects any Linux kernel that incorporates the f2fs filesystem without the revert of commit 196c81fdd438f7ac429d5639090a9816abb9760a. No version list is specified, so all builds that contain the original code path are potentially impacted until the patch is applied.

Risk and Exploitability

The CVSS score is 5.5, indicating medium severity. The EPSS of less than 1% points to a very low probability of exploitation. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires a local user able to perform concurrent write operations and remount actions; this requirement is inferred from the description.

Generated by OpenCVE AI on April 15, 2026 at 17:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the f2fs deadlock fix, or rebuild the kernel with commit 196c81fdd438f7ac429d5639090a9816abb9760a reverted.
  • If updating the kernel is not immediately possible, revert that commit manually in the kernel source tree.
  • During maintenance or high‑risk periods, limit concurrent write operations and remount commands on affected systems to avoid the race condition.



Advisories

No advisories yet.

History

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 05 Mar 2026 00:15:00 +0000


Wed, 04 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert it. write remount - write_begin - lock_page --- lock A - prepare_write_begin - f2fs_map_lock - f2fs_enable_checkpoint - down_write(cp_enable_rwsem) --- lock B - sync_inode_sb - writepages - lock_page --- lock A - down_read(cp_enable_rwsem) --- lock A
Title Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:02:49.220Z

Reserved: 2026-01-13T15:37:45.988Z

Link: CVE-2026-23232

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-04T15:16:13.477

Modified: 2026-03-17T21:21:42.327

Link: CVE-2026-23232

Redhat

Severity :

Public Date: 2026-03-04T00:00:00Z

Links: CVE-2026-23232 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T18:00:15Z
