CVE-2026-31467 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: add GFP_NOIO in the bio completion if needed

The bio completion path in the process context (e.g. dm-verity)
will directly call into decompression rather than trigger another
workqueue context for minimal scheduling latencies, which can
then call vm_map_ram() with GFP_KERNEL.

Due to insufficient memory, vm_map_ram() may generate memory
swapping I/O, which can cause submit_bio_wait to deadlock
in some scenarios.

Trimmed down the call stack, as follows:

f2fs_submit_read_io
submit_bio //bio_list is initialized.
mmc_blk_mq_recovery
z_erofs_endio
vm_map_ram
__pte_alloc_kernel
__alloc_pages_direct_reclaim
shrink_folio_list
__swap_writepage
submit_bio_wait //bio_list is non-NULL, hang!!!

Use memalloc_noio_{save,restore}() to wrap up this path.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d6565ea662e17d45a577184b0011bd69de22dc2b
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d9d8360cb66e3b599d89d2526e7da8b530ebf2ff
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 378949f46e897204384f3f5f91e42e93e3f87568
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< da40464064599eefe78749f75cd2bba371044c04
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< e83e20b82859f0588e9a52a6fa9fea704a2061cf
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c23df30915f83e7257c8625b690a1cece94142a0

Linux

affected

Version	Status	Constraints
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.131`	unaffected	≤ 6.6.*
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/378949f46e897204384f3f5f91e42e93e3f87568
https://git.kernel.org/stable/c/5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902
https://git.kernel.org/stable/c/c23df30915f83e7257c8625b690a1cece94142a0
https://git.kernel.org/stable/c/d6565ea662e17d45a577184b0011bd69de22dc2b
https://git.kernel.org/stable/c/d9d8360cb66e3b599d89d2526e7da8b530ebf2ff
https://git.kernel.org/stable/c/da40464064599eefe78749f75cd2bba371044c04
https://git.kernel.org/stable/c/e83e20b82859f0588e9a52a6fa9fea704a2061cf

History

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies, which can then call vm_map_ram() with GFP_KERNEL. Due to insufficient memory, vm_map_ram() may generate memory swapping I/O, which can cause submit_bio_wait to deadlock in some scenarios. Trimmed down the call stack, as follows: f2fs_submit_read_io submit_bio //bio_list is initialized. mmc_blk_mq_recovery z_erofs_endio vm_map_ram __pte_alloc_kernel __alloc_pages_direct_reclaim shrink_folio_list __swap_writepage submit_bio_wait //bio_list is non-NULL, hang!!! Use memalloc_noio_{save,restore}() to wrap up this path.
Title		erofs: add GFP_NOIO in the bio completion if needed
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/378949f46e897204384f3f5f91e42e93e3f87568 https://git.kernel.org/stable/c/5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902 https://git.kernel.org/stable/c/c23df30915f83e7257c8625b690a1cece94142a0 https://git.kernel.org/stable/c/d6565ea662e17d45a577184b0011bd69de22dc2b https://git.kernel.org/stable/c/d9d8360cb66e3b599d89d2526e7da8b530ebf2ff https://git.kernel.org/stable/c/da40464064599eefe78749f75cd2bba371044c04 https://git.kernel.org/stable/c/e83e20b82859f0588e9a52a6fa9fea704a2061cf

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:53:56.910Z

Updated: 2026-04-22T13:53:56.910Z

Reserved: 2026-03-09T15:48:24.097Z

Link: CVE-2026-31467

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-22T14:16:42.977

Modified: 2026-04-22T14:16:42.977

Link: CVE-2026-31467

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T17:00:11Z

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object