{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31556", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.115Z", "datePublished": "2026-04-24T14:35:39.880Z", "dateUpdated": "2026-05-11T22:11:04.289Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:11:04.289Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: scrub: unlock dquot before early return in quota scrub\n\nxchk_quota_item can return early after calling xchk_fblock_process_error.\nWhen that helper returns false, the function returned immediately without\ndropping dq->q_qlock, which can leave the dquot lock held and risk lock\nleaks or deadlocks in later quota operations.\n\nFix this by unlocking dq->q_qlock before the early return."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/scrub/quota.c"], "versions": [{"version": "7d1f0e167a067ed741dec08b7614d76893422b04", "lessThan": "e822f535273af0e8968eab7acc0cea0b90dd25af", "status": "affected", "versionType": "git"}, {"version": "7d1f0e167a067ed741dec08b7614d76893422b04", "lessThan": "3b0c3414b308e6822cda90bf99f7eac94d4cca2b", "status": "affected", "versionType": "git"}, {"version": "7d1f0e167a067ed741dec08b7614d76893422b04", "lessThan": "d128fc0c5c2b19224927d4fd2a46c2fe6a1f606f", "status": "affected", "versionType": "git"}, {"version": "7d1f0e167a067ed741dec08b7614d76893422b04", "lessThan": "268378b6ad20569af0d1957992de1c8b16c6e900", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/scrub/quota.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e822f535273af0e8968eab7acc0cea0b90dd25af"}, {"url": "https://git.kernel.org/stable/c/3b0c3414b308e6822cda90bf99f7eac94d4cca2b"}, {"url": "https://git.kernel.org/stable/c/d128fc0c5c2b19224927d4fd2a46c2fe6a1f606f"}, {"url": "https://git.kernel.org/stable/c/268378b6ad20569af0d1957992de1c8b16c6e900"}], "title": "xfs: scrub: unlock dquot before early return in quota scrub", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D6E7FC1-C351-46F7-8992-750C075964CD", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*", "matchCriteriaId": "41E47F32-BA80-4333-96FD-4D25082B0FDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: scrub: unlock dquot before early return in quota scrub\n\nxchk_quota_item can return early after calling xchk_fblock_process_error.\nWhen that helper returns false, the function returned immediately without\ndropping dq->q_qlock, which can leave the dquot lock held and risk lock\nleaks or deadlocks in later quota operations.\n\nFix this by unlocking dq->q_qlock before the early return."}], "id": "CVE-2026-31556", "lastModified": "2026-04-27T20:14:18.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:29.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/268378b6ad20569af0d1957992de1c8b16c6e900"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3b0c3414b308e6822cda90bf99f7eac94d4cca2b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d128fc0c5c2b19224927d4fd2a46c2fe6a1f606f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e822f535273af0e8968eab7acc0cea0b90dd25af"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: xfs: scrub: unlock dquot before early return in quota scrub", "id": "2461516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461516"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's XFS filesystem component. During quota scrubbing, the `xchk_quota_item` function could exit prematurely without releasing a critical lock. This can result in lock leaks or deadlocks in subsequent quota operations, potentially leading to system instability or a Denial of Service (DoS) condition."], "name": "CVE-2026-31556", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31556\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31556\nhttps://lore.kernel.org/linux-cve-announce/2026042457-CVE-2026-31556-9b84@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7d1f0e167a067ed741dec08b7614d76893422b04,e822f535273af0e8968eab7acc0cea0b90dd25af)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7d1f0e167a067ed741dec08b7614d76893422b04,3b0c3414b308e6822cda90bf99f7eac94d4cca2b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7d1f0e167a067ed741dec08b7614d76893422b04,d128fc0c5c2b19224927d4fd2a46c2fe6a1f606f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7d1f0e167a067ed741dec08b7614d76893422b04,268378b6ad20569af0d1957992de1c8b16c6e900)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.8"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.8)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T20:19:33.447542+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched Linux kernel version that includes the dquot unlock fix, such as the latest stable release of 6.8 or a 7.0 release after the patch.", "Reboot the system to load the updated kernel and ensure that the XFS quota scrub functions normally.", "If a kernel upgrade cannot be performed immediately, disable XFS quota enforcement on affected filesystems by remounting them without the \"usrquota\"/\"grpquota\" options or by unsetting quota enforcement, thereby preventing the early return condition from occurring as a temporary mitigation."], "summary": {"action": "Patch", "impact": "Potential lock leaks or deadlocks in quota operations"}, "threat_synthesis": {"affected_systems": "All Linux kernels that enable XFS quota support are vulnerable, including kernel 6.8 and all 7.0 release candidates (rc1 through rc7). Kernels that are compiled without XFS or without quota support are not affected. The vulnerability affects the core quota subsystem and is present until the kernel patch that unlocks the lock before early return.", "description_and_impact": "In the Linux kernel XFS filesystem, a missing release of the dquot lock during quota scrub operations can leave the lock held when an error occurs early in the scrub. This lock leak can lead to deadlocks or resource exhaustion in later quota management activities, impacting system availability rather than confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity incident, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, further indicating low prevalence. Based on the description, it is inferred that an attacker would need to trigger a quota error while operating on an XFS filesystem, which at minimum requires local access or root privileges. While feasible in a controlled or privileged environment, the limited attack surface and low exploitation likelihood reduce the overall risk compared to higher\u2011impact flaws."}}}}, "created": "2026-04-27T19:15:11.615756+00:00", "updated": "2026-04-28T20:30:06.177839+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}