VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Apr 22, 2026· Updated May 7, 2026

CVE-2026-31465

CVE-2026-31465

Description

In the Linux kernel, the following vulnerability has been resolved:

writeback: don't block sync for filesystems with no data integrity guarantees

Add a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync (eg fuse). For superblocks with this flag set, sync kicks off writeback of dirty inodes but does not wait for the flusher threads to complete the writeback.

This replaces the per-inode AS_NO_DATA_INTEGRITY mapping flag added in commit f9a49aa302a0 ("fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()"). The flag belongs at the superblock level because data integrity is a filesystem-wide property, not a per-inode one. Having this flag at the superblock level also allows us to skip having to iterate every dirty inode in wait_sb_inodes() only to skip each inode individually.

Prior to this commit, mappings with no data integrity guarantees skipped waiting on writeback completion but still waited on the flusher threads to finish initiating the writeback. Waiting on the flusher threads is unnecessary. This commit kicks off writeback but does not wait on the flusher threads. This change properly addresses a recent report [1] for a suspend-to-RAM hang seen on fuse-overlayfs that was caused by waiting on the flusher threads to finish:

Workqueue: pm_fs_sync pm_fs_sync_work_fn Call Trace:

__schedule+0x457/0x1720 schedule+0x27/0xd0 wb_wait_for_completion+0x97/0xe0 sync_inodes_sb+0xf8/0x2e0 __iterate_supers+0xdc/0x160 ksys_sync+0x43/0xb0 pm_fs_sync_work_fn+0x17/0xa0 process_one_work+0x193/0x350 worker_thread+0x1a1/0x310 kthread+0xfc/0x240 ret_from_fork+0x243/0x280 ret_from_fork_asm+0x1a/0x30

On fuse this is problematic because there are paths that may cause the flusher thread to block (eg if systemd freezes the user session cgroups first, which freezes the fuse daemon, before invoking the kernel suspend. The kernel suspend triggers ->write_node() which on fuse issues a synchronous setattr request, which cannot be processed since the daemon is frozen. Or if the daemon is buggy and cannot properly complete writeback, initiating writeback on a dirty folio already under writeback leads to writeback_get_folio() -> folio_prepare_writeback() -> unconditional wait on writeback to finish, which will cause a hang). This commit restores fuse to its prior behavior before tmp folios were removed, where sync was essentially a no-op.

[1] https://lore.kernel.org/linux-fsdevel/CAJnrk1a-asuvfrbKXbEwwDSctvemF+6zfhdnuzO65Pt8HsFSRw@mail.gmail.com/T/#m632c4648e9cafc4239299887109ebd880ac6c5c1

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel writeback fix prevents sync blocking on filesystems without data integrity guarantees, resolving a suspend-to resolve suspend hangs on fuse-overlayfs.

Vulnerability

CVE-2026-31465 addresses a flaw in the Linux kernel's writeback mechanism where the sync operation could block indefinitely on filesystems that cannot guarantee data persistence, such as FUSE. The root cause was that sync_inodes_sb() waited for flusher threads to finish initiating writeback even for inodes with no data integrity guarantees, leading to hangs when those threads blocked (e.g., during suspend).

Exploitation

An attacker with local access could trigger a system-wide sync (e.g., via ksys_sync during suspend) on a system using a FUSE filesystem. If the FUSE daemon is frozen or unresponsive, the flusher thread blocks, causing the entire sync operation to hang. This was demonstrated in a suspend-to-RAM hang on fuse-overlayfs, where the call trace [1].

Impact

Successful exploitation results in a denial of service (system hang) during sync operations, particularly affecting suspend/resume workflows. The vulnerability has a CVSS v3 score of 5.5 (Medium) and can lead to a complete loss of availability.

Mitigation

The fix introduces the SB_I_NO_DATA_INTEGRITY superblock flag for filesystems like FUSE. For such superblocks, sync kicks off writeback but does not wait for flusher threads to complete, preventing the hang. The patch is included in stable kernel updates [1][2][3].

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Linux/Kernel7 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.16,<6.18.21
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.