Description
In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix deadlock in jbd2_journal_cancel_revoke()

Commit f76d4c28a46a ("fs/jbd2: use sleeping version of
__find_get_block()") changed jbd2_journal_cancel_revoke() to use
__find_get_block_nonatomic() which holds the folio lock instead of
i_private_lock. This breaks the lock ordering (folio -> buffer) and
causes an ABBA deadlock when the filesystem blocksize < pagesize:

T1 T2
ext4_mkdir()
ext4_init_new_dir()
ext4_append()
ext4_getblk()
lock_buffer() <- A
sync_blockdev()
blkdev_writepages()
writeback_iter()
writeback_get_folio()
folio_lock() <- B
ext4_journal_get_create_access()
jbd2_journal_cancel_revoke()
__find_get_block_nonatomic()
folio_lock() <- B
block_write_full_folio()
lock_buffer() <- A

This can occasionally cause generic/013 to hang.

Fix by only calling __find_get_block_nonatomic() when the passed
buffer_head doesn't belong to the bdev, which is the only case that we
need to look up its bdev alias. Otherwise, the lookup is redundant since
the found buffer_head is equal to the one we passed in.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves a deadlock in the Linux kernel’s ext4 journaling path, specifically in the function jbd2_journal_cancel_revoke(), and represents CWE‑667 and CWE‑833. The lock ordering conflict between folio and buffer locks triggers an ABBA deadlock when the filesystem blocksize is smaller than the page size, which can cause system hangs or a generic kernel panic. The resulting denial of service allows a misbehaving user to force the entire system to become unresponsive or require a reboot.

Affected Systems

All Linux kernel builds that include ext4 and use the jbd2 journaling code are affected. The issue existed in kernels before commit f76d4c28a46a, which replaced the unsafe lock handling with a safer implementation. Distributions shipping kernels that do not include this commit are at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is less than 1%, implying a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would require local filesystem operations, such as creating or modifying directories. Exploitation would likely lead to local denial‑of‑service rather than remote code execution. The impact results in system hangs or requiring a reboot, thus representing a denial of service.

Generated by OpenCVE AI on June 17, 2026 at 02:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes commit f76d4c28a46a, which replaces the offending code in jbd2_journal_cancel_revoke() with a safer function that avoids the lock‑ordering conflict.
  • If an immediate kernel upgrade is not possible, consider disabling or reducing journaling on the affected ext4 filesystems, such as mounting with the data=writeback mode or converting to a non‑journaled filesystem, to eliminate the path that triggers the deadlock.
  • Enable kernel debugging tools such as lockdep or kprobes on systems where the issue persists, to detect and log lock‑ordering violations and confirm that the patch has resolved the problem.

Generated by OpenCVE AI on June 17, 2026 at 02:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:6.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:*

Thu, 28 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2_journal_cancel_revoke() Commit f76d4c28a46a ("fs/jbd2: use sleeping version of __find_get_block()") changed jbd2_journal_cancel_revoke() to use __find_get_block_nonatomic() which holds the folio lock instead of i_private_lock. This breaks the lock ordering (folio -> buffer) and causes an ABBA deadlock when the filesystem blocksize < pagesize: T1 T2 ext4_mkdir() ext4_init_new_dir() ext4_append() ext4_getblk() lock_buffer() <- A sync_blockdev() blkdev_writepages() writeback_iter() writeback_get_folio() folio_lock() <- B ext4_journal_get_create_access() jbd2_journal_cancel_revoke() __find_get_block_nonatomic() folio_lock() <- B block_write_full_folio() lock_buffer() <- A This can occasionally cause generic/013 to hang. Fix by only calling __find_get_block_nonatomic() when the passed buffer_head doesn't belong to the bdev, which is the only case that we need to look up its bdev alias. Otherwise, the lookup is redundant since the found buffer_head is equal to the one we passed in.
Title jbd2: fix deadlock in jbd2_journal_cancel_revoke()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:51:27.666Z

Reserved: 2026-05-13T15:03:33.095Z

Link: CVE-2026-46061

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:25.883

Modified: 2026-06-16T01:17:18.717

Link: CVE-2026-46061

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46061 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T03:00:16Z

Weaknesses