CVE-2026-23168 (GCVE-0-2026-23168)

Vulnerability from cvelistv5 – Published: 2026-02-14 16:01 – Updated: 2026-05-11 22:01
VLAI
Title
flex_proportions: make fprop_new_period() hardirq safe
Summary
In the Linux kernel, the following vulnerability has been resolved: flex_proportions: make fprop_new_period() hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: <timer fires> run_timer_softirq - we are in softirq context call_timer_fn writeout_period fprop_new_period write_seqcount_begin(&p->sequence); <hardirq is raised> ... blk_mq_end_request() blk_update_request() ext4_end_bio() folio_end_writeback() __wb_writeout_add() __fprop_add_percpu_max() if (unlikely(max_frac < FPROP_FRAC_BASE)) { fprop_fraction_percpu() seq = read_seqcount_begin(&p->sequence); - sees odd sequence so loops indefinitely Note that a deadlock like this is only possible if the bdi has configured maximum fraction of writeout throughput which is very rare in general but frequent for example for FUSE bdis. To fix this problem we have to make sure write section of the sequence counter is irqsafe.
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < 0acc9ba7a1b5ba4d998c5753e709be904e179b75 (git)
Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < 884b2590ffcc7222cbbd6298051f4c243cc36f5d (git)
Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < 78ede9ebd679dadf480dce6f7b798e3603f88348 (git)
Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < b91a84299d72ae0e05551e851e47cd3008bd025b (git)
Affected: a91befde350375b1ff954635acdde14dc92cd9a8 , < dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc (git)
Create a notification for this product.
Linux Linux Affected: 6.0
Unaffected: 0 , < 6.0 (semver)
Unaffected: 6.1.162 , ≤ 6.1.* (semver)
Unaffected: 6.6.123 , ≤ 6.6.* (semver)
Unaffected: 6.12.69 , ≤ 6.12.* (semver)
Unaffected: 6.18.9 , ≤ 6.18.* (semver)
Unaffected: 6.19 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/flex_proportions.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0acc9ba7a1b5ba4d998c5753e709be904e179b75",
              "status": "affected",
              "version": "a91befde350375b1ff954635acdde14dc92cd9a8",
              "versionType": "git"
            },
            {
              "lessThan": "884b2590ffcc7222cbbd6298051f4c243cc36f5d",
              "status": "affected",
              "version": "a91befde350375b1ff954635acdde14dc92cd9a8",
              "versionType": "git"
            },
            {
              "lessThan": "78ede9ebd679dadf480dce6f7b798e3603f88348",
              "status": "affected",
              "version": "a91befde350375b1ff954635acdde14dc92cd9a8",
              "versionType": "git"
            },
            {
              "lessThan": "b91a84299d72ae0e05551e851e47cd3008bd025b",
              "status": "affected",
              "version": "a91befde350375b1ff954635acdde14dc92cd9a8",
              "versionType": "git"
            },
            {
              "lessThan": "dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc",
              "status": "affected",
              "version": "a91befde350375b1ff954635acdde14dc92cd9a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/flex_proportions.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.123",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.69",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.162",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.123",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.69",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.9",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nflex_proportions: make fprop_new_period() hardirq safe\n\nBernd has reported a lockdep splat from flexible proportions code that is\nessentially complaining about the following race:\n\n\u003ctimer fires\u003e\nrun_timer_softirq - we are in softirq context\n  call_timer_fn\n    writeout_period\n      fprop_new_period\n        write_seqcount_begin(\u0026p-\u003esequence);\n\n        \u003chardirq is raised\u003e\n        ...\n        blk_mq_end_request()\n\t  blk_update_request()\n\t    ext4_end_bio()\n\t      folio_end_writeback()\n\t\t__wb_writeout_add()\n\t\t  __fprop_add_percpu_max()\n\t\t    if (unlikely(max_frac \u003c FPROP_FRAC_BASE)) {\n\t\t      fprop_fraction_percpu()\n\t\t\tseq = read_seqcount_begin(\u0026p-\u003esequence);\n\t\t\t  - sees odd sequence so loops indefinitely\n\nNote that a deadlock like this is only possible if the bdi has configured\nmaximum fraction of writeout throughput which is very rare in general but\nfrequent for example for FUSE bdis.  To fix this problem we have to make\nsure write section of the sequence counter is irqsafe."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:01:38.422Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0acc9ba7a1b5ba4d998c5753e709be904e179b75"
        },
        {
          "url": "https://git.kernel.org/stable/c/884b2590ffcc7222cbbd6298051f4c243cc36f5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/78ede9ebd679dadf480dce6f7b798e3603f88348"
        },
        {
          "url": "https://git.kernel.org/stable/c/b91a84299d72ae0e05551e851e47cd3008bd025b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc"
        }
      ],
      "title": "flex_proportions: make fprop_new_period() hardirq safe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23168",
    "datePublished": "2026-02-14T16:01:31.465Z",
    "dateReserved": "2026-01-13T15:37:45.981Z",
    "dateUpdated": "2026-05-11T22:01:38.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-23168",
      "date": "2026-05-26",
      "epss": "0.00018",
      "percentile": "0.04724"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23168\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-14T16:15:57.023\",\"lastModified\":\"2026-03-18T15:00:47.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nflex_proportions: make fprop_new_period() hardirq safe\\n\\nBernd has reported a lockdep splat from flexible proportions code that is\\nessentially complaining about the following race:\\n\\n\u003ctimer fires\u003e\\nrun_timer_softirq - we are in softirq context\\n  call_timer_fn\\n    writeout_period\\n      fprop_new_period\\n        write_seqcount_begin(\u0026p-\u003esequence);\\n\\n        \u003chardirq is raised\u003e\\n        ...\\n        blk_mq_end_request()\\n\\t  blk_update_request()\\n\\t    ext4_end_bio()\\n\\t      folio_end_writeback()\\n\\t\\t__wb_writeout_add()\\n\\t\\t  __fprop_add_percpu_max()\\n\\t\\t    if (unlikely(max_frac \u003c FPROP_FRAC_BASE)) {\\n\\t\\t      fprop_fraction_percpu()\\n\\t\\t\\tseq = read_seqcount_begin(\u0026p-\u003esequence);\\n\\t\\t\\t  - sees odd sequence so loops indefinitely\\n\\nNote that a deadlock like this is only possible if the bdi has configured\\nmaximum fraction of writeout throughput which is very rare in general but\\nfrequent for example for FUSE bdis.  To fix this problem we have to make\\nsure write section of the sequence counter is irqsafe.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nflex_proportions: hacer que fprop_new_period() sea seguro para hardirq\\n\\nBernd ha reportado un lockdep splat del c\u00f3digo de proporciones flexibles que esencialmente se queja de la siguiente condici\u00f3n de carrera:\\n\\n\\nrun_timer_softirq - estamos en contexto de softirq\\n  call_timer_fn\\n    writeout_period\\n      fprop_new_period\\n        write_seqcount_begin(\u0026amp;p-\u0026gt;sequence);\\n\\n        \\n        ...\\n        blk_mq_end_request()\\n\\t  blk_update_request()\\n\\t    ext4_end_bio()\\n\\t      folio_end_writeback()\\n\\t\\t__wb_writeout_add()\\n\\t\\t  __fprop_add_percpu_max()\\n\\t\\t    if (unlikely(max_frac \u0026lt; FPROP_FRAC_BASE)) {\\n\\t\\t      fprop_fraction_percpu()\\n\\t\\t\\tseq = read_seqcount_begin(\u0026amp;p-\u0026gt;sequence);\\n\\t\\t\\t  - ve una secuencia impar por lo que entra en un bucle indefinido\\n\\nTenga en cuenta que un interbloqueo como este solo es posible si el bdi ha configurado una fracci\u00f3n m\u00e1xima de rendimiento de escritura, lo cual es muy raro en general pero frecuente, por ejemplo, para bdis FUSE. Para solucionar este problema, tenemos que asegurarnos de que la secci\u00f3n de escritura del contador de secuencia sea irqsafe.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndExcluding\":\"6.1.162\",\"matchCriteriaId\":\"83DE4E0F-B87E-49B8-B0C7-D01CE9B22054\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.123\",\"matchCriteriaId\":\"316D8D4E-FE44-4C76-8403-63CAF51EEFC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.69\",\"matchCriteriaId\":\"3F0D11B0-A3DA-4D8F-89B9-CFD2094EBA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.9\",\"matchCriteriaId\":\"171CFCB2-8F49-4F9E-8A67-FAC6BF45B5A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71D92C0-C023-48BD-B3B6-70B638EEE298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"13580667-0A98-40CC-B29F-D12790B91BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0acc9ba7a1b5ba4d998c5753e709be904e179b75\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/78ede9ebd679dadf480dce6f7b798e3603f88348\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/884b2590ffcc7222cbbd6298051f4c243cc36f5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b91a84299d72ae0e05551e851e47cd3008bd025b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.