{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23232", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.988Z", "datePublished": "2026-03-04T14:36:37.323Z", "dateUpdated": "2026-05-11T22:02:52.855Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:02:52.855Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"\n\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\n\nOriginal patch may cause below deadlock, revert it.\n\nwrite\t\t\t\tremount\n- write_begin\n - lock_page --- lock A\n - prepare_write_begin\n - f2fs_map_lock\n\t\t\t\t- f2fs_enable_checkpoint\n\t\t\t\t - down_write(cp_enable_rwsem) --- lock B\n\t\t\t\t - sync_inode_sb\n\t\t\t\t - writepages\n\t\t\t\t - lock_page\t\t\t--- lock A\n - down_read(cp_enable_rwsem) --- lock A"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/data.c", "fs/f2fs/f2fs.h", "fs/f2fs/super.c"], "versions": [{"version": "196c81fdd438f7ac429d5639090a9816abb9760a", "lessThan": "b6382273801bc7c778545dd8004c9a9d750b4f62", "status": "affected", "versionType": "git"}, {"version": "196c81fdd438f7ac429d5639090a9816abb9760a", "lessThan": "3996b70209f145bfcf2afc7d05dd92c27b233b48", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/data.c", "fs/f2fs/f2fs.h", "fs/f2fs/super.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.3", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b6382273801bc7c778545dd8004c9a9d750b4f62"}, {"url": "https://git.kernel.org/stable/c/3996b70209f145bfcf2afc7d05dd92c27b233b48"}], "title": "Revert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7853A337-FB2A-4E19-AB47-4E38343532AA", "versionEndExcluding": "6.19.3", "versionStartIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"\n\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\n\nOriginal patch may cause below deadlock, revert it.\n\nwrite\t\t\t\tremount\n- write_begin\n - lock_page --- lock A\n - prepare_write_begin\n - f2fs_map_lock\n\t\t\t\t- f2fs_enable_checkpoint\n\t\t\t\t - down_write(cp_enable_rwsem) --- lock B\n\t\t\t\t - sync_inode_sb\n\t\t\t\t - writepages\n\t\t\t\t - lock_page\t\t\t--- lock A\n - down_read(cp_enable_rwsem) --- lock A"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \u00abf2fs: bloqueo de cach\u00e9/escritura dio durante f2fs_enable_checkpoint()\u00bb. Esto revierte la confirmaci\u00f3n 196c81fdd438f7ac429d5639090a9816abb9760a. El parche original puede causar el siguiente bloqueo, reviertelo. write remount - write_begin - lock_page --- lock A - prepare_write_begin - f2fs_map_lock - f2fs_enable_checkpoint - down_write (cp_enable_rwsem) --- bloqueo B - sync_inode_sb - writepages - lock_page --- bloqueo A - down_read(cp_enable_rwsem) --- bloqueo A"}], "id": "CVE-2026-23232", "lastModified": "2026-03-17T21:21:42.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-04T15:16:13.477", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3996b70209f145bfcf2afc7d05dd92c27b233b48"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b6382273801bc7c778545dd8004c9a9d750b4f62"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Revert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"", "id": "2444388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444388"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23232", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23232\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23232\nhttps://lore.kernel.org/linux-cve-announce/2026030439-CVE-2026-23232-b24d@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[196c81fdd438f7ac429d5639090a9816abb9760a,b6382273801bc7c778545dd8004c9a9d750b4f62)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[196c81fdd438f7ac429d5639090a9816abb9760a,3996b70209f145bfcf2afc7d05dd92c27b233b48)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.3,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-15T17:55:21.454992+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that includes the f2fs deadlock fix or rebuild the kernel with the revert commit\u202f196c81fdd438f7ac429d5639090a9816abb9760a.", "If updating the kernel is not immediately possible, reapply the revert commit manually to the kernel source tree.", "During maintenance or high\u2011risk periods, limit concurrent write operations and remount commands on affected systems to avoid the race condition."], "summary": {"action": "Patch Kernel", "impact": "Denial of Service via kernel lockup due to f2fs deadlock"}, "threat_synthesis": {"affected_systems": "The flaw affects any Linux kernel that incorporates the f2fs filesystem without the revert of commit\u202f196c81fdd438f7ac429d5639090a9816abb9760a. No version list is specified, so all builds that contain the original code path are potentially impacted until the patch is applied.", "description_and_impact": "The vulnerability arises in the f2fs filesystem\u2019s block cache write routine, where a write operation and a remount acquire kernel locks in conflicting order. This can freeze the kernel, stopping all system activity and effectively denying service. The weakness is a deadlock scenario, classified as CWE\u2011667.", "risk_and_exploitability": "The CVSS score is 5.5, indicating medium severity. The EPSS of less than 1% points to a very low probability of exploitation. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires a local user able to perform concurrent write operations and remount actions; this requirement is inferred from the description."}}}}, "created": "2026-03-04T21:03:26.332262+00:00", "updated": "2026-04-15T18:00:15.500661+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}