Description
In the Linux kernel, the following vulnerability has been resolved:

PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask()

Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask()
stacking") introduced refcount-based GFP mask management that warns
when pm_restore_gfp_mask() is called with saved_gfp_count == 0.

Some hibernation paths call pm_restore_gfp_mask() defensively where
the GFP mask may or may not be restricted depending on the execution
path. For example, the uswsusp interface invokes it in
SNAPSHOT_CREATE_IMAGE, SNAPSHOT_UNFREEZE, and snapshot_release().
Before the stacking change this was a silent no-op; it now triggers
a spurious WARNING.

Remove the WARN_ON() wrapper from the !saved_gfp_count check while
retaining the check itself, so that defensive calls remain harmless
without producing false warnings.

[ rjw: Subject tweak ]
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: False warning flooding and misleading diagnostics, which can obscure legitimate alerts and potentially affect log‑based monitoring systems
Action: Apply patch
AI Analysis

Impact

A recent change to the Linux kernel introduced a spurious warning in the power management subsystem – specifically when pm_restore_gfp_mask() is called in hibernation paths that may or may not have a restricted GFP mask. The added WARN_ON() triggers a console warning even when the function call is defensive and benign, leading to unnecessary log entries but no direct compromise of confidentiality, integrity or availability. The impact is primarily operational, as it can overwhelm system logs or mislead operators into thinking a real problem exists.
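The stacking behaviour described above, as a small user-space C model (an added example, not kernel source and not code from the patch). The struct, the function names and the bit values are constructed for illustration; only saved_gfp_count and the placement of the warning come from the description. It shows that dropping the warning changes the log output only, not the resulting mask state.

```c
#include <stdio.h>
#define GFP_IO  0x1u /* constructed stand-in bit values, not the kernel's */
#define GFP_FS  0x2u
#define GFP_ALL 0xFu

struct pm_gfp_model {
    unsigned int allowed_mask; /* models gfp_allowed_mask */
    unsigned int saved_mask;   /* mask saved by the outermost restrict */
    unsigned int saved_count;  /* models saved_gfp_count */
    unsigned int warnings;     /* WARNING splats the model would emit */
    int warn_on_zero;          /* 1 = pre-fix behaviour, 0 = post-fix */
};

static void model_restrict(struct pm_gfp_model *m)
{
    if (m->saved_count++)      /* nested call: only bump the count */
        return;
    m->saved_mask = m->allowed_mask;
    m->allowed_mask &= ~(GFP_IO | GFP_FS);
}

static void model_restore(struct pm_gfp_model *m)
{
    if (!m->saved_count) {     /* defensive call: nothing to undo */
        if (m->warn_on_zero)
            m->warnings++;     /* the spurious WARNING */
        return;                /* the check itself stays in both variants */
    }
    if (--m->saved_count)      /* an outer caller still needs the restriction */
        return;
    m->allowed_mask = m->saved_mask;
    m->saved_mask = 0;
}

/* Two stacked restricts, two matching restores, then three defensive restores. */
static struct pm_gfp_model run_sequence(int warn_on_zero)
{
    struct pm_gfp_model m = { GFP_ALL, 0, 0, 0, warn_on_zero };
    model_restrict(&m); model_restrict(&m);
    model_restore(&m);  model_restore(&m);
    for (int i = 0; i < 3; i++)
        model_restore(&m);
    return m;
}

int main(void)
{
    printf("pre-fix warnings=%u, post-fix warnings=%u\n",
           run_sequence(1).warnings, run_sequence(0).warnings);
    return 0;
}
```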

Affected Systems

The issue affects all Linux kernel releases that incorporated commit 35e4a69b2003f without the subsequent fix. No specific version range is provided in the CNA data, but the vulnerability is present in the kernel source before the removal of the WARN_ON() wrapper. Systems running a kernel that includes that commit but has not yet received this patch are susceptible.

Risk and Exploitability

With a CVSS score of 5.5, the vulnerability is considered moderate. The EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, indicating a low likelihood of exploitation. The issue is local to the kernel and requires privileged execution; an attacker would need to execute or influence kernel code to trigger these warnings, which does not provide any direct foothold or privilege escalation. The primary risk lies in operational noise rather than security compromise.

Generated by OpenCVE AI on April 29, 2026 at 01:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that incorporates the removal of the spurious WARN_ON() in pm_restore_gfp_mask()
  • If an upgrade is not immediately possible, monitor system logs for excessive WARN_ON() entries from pm_restore_gfp_mask() to prevent misdiagnosis of actual issues
  • Configure log rotation or syslog restrictions to limit the impact of spurious warnings on log storage and alerting systems



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
CPEs cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-440
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask() stacking") introduced refcount-based GFP mask management that warns when pm_restore_gfp_mask() is called with saved_gfp_count == 0. Some hibernation paths call pm_restore_gfp_mask() defensively where the GFP mask may or may not be restricted depending on the execution path. For example, the uswsusp interface invokes it in SNAPSHOT_CREATE_IMAGE, SNAPSHOT_UNFREEZE, and snapshot_release(). Before the stacking change this was a silent no-op; it now triggers a spurious WARNING. Remove the WARN_ON() wrapper from the !saved_gfp_count check while retaining the check itself, so that defensive calls remain harmless without producing false warnings. [ rjw: Subject tweak ]
Title PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:11:17.209Z

Reserved: 2026-03-09T15:48:24.117Z

Link: CVE-2026-31567

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:31.197

Modified: 2026-04-27T20:32:24.453

Link: CVE-2026-31567

Redhat

Severity: Low

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31567 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T01:45:26Z

Weaknesses