VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Apr 15, 2026

CVE-2026-23053

CVE-2026-23053

Description

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a deadlock involving nfs_release_folio()

Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progress due to state recovery being needed.

It seems that the only safe thing to do here is to kick off a writeback of the folio, without waiting for completion, or else kicking off an asynchronous commit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A deadlock in NFSv4.1 occurs when memory reclaim triggers nfs_release_folio() while state recovery is pending, causing a circular wait and system hang.

Vulnerability

A deadlock in the Linux kernel's NFS subsystem (NFSv4.1) was discovered, involving a circular dependency between memory reclaim and NFS state recovery. When kthreadd attempts to reclaim memory via nfs_release_folio(), it may block if NFS state recovery is underway, but state recovery itself cannot proceed because it is waiting for kthreadd. This creates a deadlock.

Exploitation

An attacker with local access can trigger memory pressure while NFS state recovery is needed, for example by exhausting memory or initiating a forced unmount. The deadlock does not require authentication to the NFS server, but the system must be an NFS client with NFSv4.1 mount. No special network position is required beyond normal NFS client operation.

Impact

The deadlock results in a complete system hang, as both kthreadd and NFS recovery threads become stuck. This leads to denial of service, rendering the system unresponsive. No privilege escalation or data corruption is reported.

Mitigation

The fix involves modifying nfs_release_folio() to kick off writeback or an asynchronous commit without waiting for completion, breaking the circular dependency. Patches were applied to the stable kernel trees as commits [1] and [2]. Users should update to kernels containing these fixes.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.