Description
In the Linux kernel, the following vulnerability has been resolved:

NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages

LOCALIO is an NFS loopback mount optimization that avoids using the
network for READ, WRITE and COMMIT if the NFS client and server are
determined to be on the same system. But because LOCALIO is still
fundamentally "just NFS loopback mount" it is susceptible to recursion
deadlock via direct reclaim, e.g.: NFS LOCALIO down to XFS and then
back into NFS via nfs_writepages.

Fix LOCALIO's potential for direct reclaim deadlock by ensuring that
all its page cache allocations are done from GFP_NOFS context.

Thanks to Ben Coddington for pointing out commit ad22c7a043c2 ("xfs:
prevent stack overflows from page cache allocation").
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel's LOCALIO NFS loopback mount optimization allows a recursion deadlock during direct reclaim. The bug stems from allocating page cache in an improper context, which can cause a LOCALIO mount that chains through XFS back into NFS via nfs_writepages to recursively reclaim pages until the kernel becomes blocked and system resources are exhausted, resulting in a denial of service. This is a manifestation of the loopback mount vulnerability (CWE-667) and the recursive deadlock flaw (CWE-833).

Affected Systems

All Linux kernel builds that include the NFS LOCALIO loopback mount and were compiled before the patch commit ad22c7a043c2 are affected. The vulnerability applies to every version of the Linux kernel that implements this optimization and has not yet been updated to the fixed code.

Risk and Exploitability

The likely attack vector is local, requiring privileged access to set up a LOCALIO mount. No public exploits have been disclosed and the EPSS score is < 1%. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog. The CVSS score of 5.5 indicates a medium severity, and because the flaw can lead to a kernel deadlock, it poses a denial of service risk if triggered, but its exploitability is limited to environments where a malicious user can mount a LOCALIO NFS loopback.

Generated by OpenCVE AI on June 9, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the patch commit ad22c7a043c2, ensuring that LOCALIO page cache allocations use GFP_NOFS context
  • If an immediate kernel upgrade is not viable, disable NFS LOCALIO mounts by removing any "local_io" options from fstab or mount commands to prevent the deadlock path
  • Monitor system logs for signs of kernel deadlock or excessive memory usage that may indicate an attempt to exploit this recursion, and apply system hardening measures to restrict local privileged access

Generated by OpenCVE AI on June 9, 2026 at 23:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667

Thu, 04 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-674

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 03 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-674

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on the same system. But because LOCALIO is still fundamentally "just NFS loopback mount" it is susceptible to recursion deadlock via direct reclaim, e.g.: NFS LOCALIO down to XFS and then back into NFS via nfs_writepages. Fix LOCALIO's potential for direct reclaim deadlock by ensuring that all its page cache allocations are done from GFP_NOFS context. Thanks to Ben Coddington for pointing out commit ad22c7a043c2 ("xfs: prevent stack overflows from page cache allocation").
Title NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:53.168Z

Reserved: 2026-05-13T15:03:33.108Z

Link: CVE-2026-46256

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:26.607

Modified: 2026-06-09T20:10:27.700

Link: CVE-2026-46256

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46256 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:45:15Z

Weaknesses