CVE-2026-31467

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2026-31467 MGASA-2026-0108 MGASA-2026-0110 RHSA-2026:25191 UBUNTU-CVE-2026-31467

Analyzed

Published: 22 Apr 2026, 13:53

Last modified:11 May 2026, 22:09

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.38% LOW

0% probability +0.31%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Apr 2026, 13:53

Published

Vulnerability first disclosed

11 May 2026, 22:09

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies, which can then call vm_map_ram() with GFP_KERNEL. Due to insufficient memory, vm_map_ram() may generate memory swapping I/O, which can cause submit_bio_wait to deadlock in some scenarios. Trimmed down the call stack, as follows: f2fs_submit_read_io submit_bio //bio_list is initialized. mmc_blk_mq_recovery z_erofs_endio vm_map_ram __pte_alloc_kernel __alloc_pages_direct_reclaim shrink_folio_list __swap_writepage submit_bio_wait //bio_list is non-NULL, hang!!! Use memalloc_noio_{save,restore}() to wrap up this path.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.38%• Percentile: 29%

Techniques & Countermeasures

CWE-667•Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Systems

linux•linux
≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < d6565ea662e17d45a577184b0011bd69de22dc2b | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < d9d8360cb66e3b599d89d2526e7da8b530ebf2ff | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 378949f46e897204384f3f5f91e42e93e3f87568 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < da40464064599eefe78749f75cd2bba371044c04 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < e83e20b82859f0588e9a52a6fa9fea704a2061cf | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < c23df30915f83e7257c8625b690a1cece94142a0 | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < d6565ea662e17d45a577184b0011bd69de22dc2b | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < d9d8360cb66e3b599d89d2526e7da8b530ebf2ff | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < 5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902 | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < 378949f46e897204384f3f5f91e42e93e3f87568 | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < da40464064599eefe78749f75cd2bba371044c04 | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < e83e20b82859f0588e9a52a6fa9fea704a2061cf | ≥ 648f2de053a882c87c05f0060f47d3b11841fdbe, < c23df30915f83e7257c8625b690a1cece94142a0 | 5.13
linux•linux_kernel
≥ 5.13, < 5.15.203 | ≥ 5.16, < 6.1.168 | ≥ 6.2, < 6.6.131 | ≥ 6.7, < 6.12.80 | ≥ 6.13, < 6.18.21 | ≥ 6.19, < 6.19.11 | 7.0:rc1 | 7.0:rc2 | 7.0:rc3 | 7.0:rc4 | 7.0:rc5