Description
In the Linux kernel, the following vulnerability has been resolved:

dm cache: fix write hang in passthrough mode

The invalidate_remove() function has incomplete logic for handling write
hit bios after cache invalidation. It sets up the remapping for the
overwrite_bio but then drops it immediately without submission, causing
write operations to hang.

Fix by adding a new invalidate_committed() continuation that submits
the remapped writes to the cache origin after metadata commit completes,
while using the overwrite_endio hook to ensure proper completion
sequencing. This maintains existing coherency. Also improve error
handling in invalidate_complete() to preserve the original error status
instead of using bio_io_error() unconditionally.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s dm‑cache module contains a flaw in its invalidate_remove() routine: an overwrite bio is set up but discarded before submission during cache invalidation, causing write requests in passthrough mode to stall indefinitely. The issue does not compromise data confidentiality or integrity; it only disrupts availability by hanging write operations.

Affected Systems

Linux kernel releases that ship the dm‑cache driver without the recent commit adding invalidate_committed() and correcting error handling are vulnerable. Because the advisory does not list specific kernel versions, any unpatched kernel that includes the dm‑cache module and the historic write‑hang bug should be considered at risk.

Risk and Exploitability

With a CVSS score of 5.5 and an EPSS score of < 1 %, the likelihood of exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector appears to require local access to trigger write commands on a device using dm‑cache passthrough mode, leading to a denial‑of‑service condition by stalling write operations.

Generated by OpenCVE AI on June 27, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the commit introducing invalidate_committed() and the corrected error handling logic.
  • If a kernel upgrade cannot be performed immediately, unload the dm‑cache module or disable passthrough mode on affected devices to prevent write requests from hanging.
  • Continuously monitor system logs and I/O performance for symptoms of stalled writes, and schedule maintenance to apply the patch at the earliest opportunity.

Generated by OpenCVE AI on June 27, 2026 at 05:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sat, 27 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-388
CWE-703

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-826
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-388
CWE-703

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidate_remove() function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwrite_bio but then drops it immediately without submission, causing write operations to hang. Fix by adding a new invalidate_committed() continuation that submits the remapped writes to the cache origin after metadata commit completes, while using the overwrite_endio hook to ensure proper completion sequencing. This maintains existing coherency. Also improve error handling in invalidate_complete() to preserve the original error status instead of using bio_io_error() unconditionally.
Title dm cache: fix write hang in passthrough mode
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:06.857Z

Reserved: 2026-06-09T07:44:35.382Z

Link: CVE-2026-53063

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53063 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T05:30:11Z

Weaknesses
  • CWE-826

    Premature Release of Resource During Expected Lifetime