GHSA-V4FX-VWM3-3682
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-22 15:31
In the Linux kernel, the following vulnerability has been resolved:
erofs: add GFP_NOIO in the bio completion if needed
The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies, which can then call vm_map_ram() with GFP_KERNEL.
Due to insufficient memory, vm_map_ram() may generate memory swapping I/O, which can cause submit_bio_wait to deadlock in some scenarios.
Trimmed down the call stack, as follows:
f2fs_submit_read_io
 submit_bio //bio_list is initialized.
 mmc_blk_mq_recovery
 z_erofs_endio
 vm_map_ram
 __pte_alloc_kernel
 __alloc_pages_direct_reclaim
 shrink_folio_list
 __swap_writepage
 submit_bio_wait //bio_list is non-NULL, hang!!!
Use memalloc_noio_{save,restore}() to wrap up this path.
{
"affected": [],
"aliases": [
"CVE-2026-31467"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:42Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: add GFP_NOIO in the bio completion if needed\n\nThe bio completion path in the process context (e.g. dm-verity)\nwill directly call into decompression rather than trigger another\nworkqueue context for minimal scheduling latencies, which can\nthen call vm_map_ram() with GFP_KERNEL.\n\nDue to insufficient memory, vm_map_ram() may generate memory\nswapping I/O, which can cause submit_bio_wait to deadlock\nin some scenarios.\n\nTrimmed down the call stack, as follows:\n\nf2fs_submit_read_io\n submit_bio //bio_list is initialized.\n mmc_blk_mq_recovery\n z_erofs_endio\n vm_map_ram\n __pte_alloc_kernel\n __alloc_pages_direct_reclaim\n shrink_folio_list\n __swap_writepage\n submit_bio_wait //bio_list is non-NULL, hang!!!\n\nUse memalloc_noio_{save,restore}() to wrap up this path.",
"id": "GHSA-v4fx-vwm3-3682",
"modified": "2026-04-22T15:31:42Z",
"published": "2026-04-22T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31467"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/378949f46e897204384f3f5f91e42e93e3f87568"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c23df30915f83e7257c8625b690a1cece94142a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6565ea662e17d45a577184b0011bd69de22dc2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9d8360cb66e3b599d89d2526e7da8b530ebf2ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da40464064599eefe78749f75cd2bba371044c04"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e83e20b82859f0588e9a52a6fa9fea704a2061cf"
}
],
"schema_version": "1.4.0",
"severity": []
}