Description
In the Linux kernel, the following vulnerability has been resolved:

ceph: put folios not suitable for writeback

The batch holds references to the folios (see `filemap_get_folios`,
`folio_batch_release`), so we need to `folio_put` the folios we remove.

Tested on v6.18.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs in the Linux kernel’s Ceph subsystem when folios that are not suitable for writeback are removed from a batch without first releasing their reference count via folio_put. This omission violates the kernel’s memory‑management protocol and can corrupt kernel memory. A successful exploitation could result in a kernel panic or a denial‑of‑service condition for the affected system.

Affected Systems

All Linux kernel builds that include the Ceph subsystem and have not applied the fix commit are at risk. The fix was validated on kernel version 6.18, indicating that kernel versions prior to 6.18 are likely affected; this version information is inferred from the testing note and is not explicitly enumerated in the asset list.

Risk and Exploitability

The CVSS score of 7.5 reflects a high severity, while the EPSS score of <1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. No explicit attack vector is detailed in the advisory, but kernel‑level memory‑corruption bugs of this nature typically require local access with elevated privileges; this is an inference based on the type of flaw.

Generated by OpenCVE AI on June 28, 2026 at 13:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to version 6.18 or later, which contains the corrective changes.
  • If a rapid kernel upgrade is not feasible, obtain and apply the patch commit 544576f0f05c4a759806acddfaaeb686f14fb4b0 to the source tree before recompiling the kernel.
  • After applying the patch or upgrading, monitor kernel logs (e.g., dmesg) for any folio_put errors or kernel panics that could indicate attempted exploitation.

Generated by OpenCVE AI on June 28, 2026 at 13:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 26 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios (see `filemap_get_folios`, `folio_batch_release`), so we need to `folio_put` the folios we remove. Tested on v6.18.
Title ceph: put folios not suitable for writeback
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-29T04:18:46.243Z

Reserved: 2026-06-09T07:44:35.373Z

Link: CVE-2026-52960

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52960 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:45:06Z

Weaknesses
  • CWE-911

    Improper Update of Reference Count