{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T20:00:07.485","vulnerabilities":[{"cve":{"id":"CVE-2026-23097","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-04T17:16:20.570","lastModified":"2026-03-18T12:47:17.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmigrate: correct lock ordering for hugetlb file folios\n\nSyzbot has found a deadlock (analyzed by Lance Yang):\n\n1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock).\n2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire\nfolio_lock.\n\nmigrate_pages()\n -> migrate_hugetlbs()\n -> unmap_and_move_huge_page() <- Takes folio_lock!\n -> remove_migration_ptes()\n -> __rmap_walk_file()\n -> i_mmap_lock_read() <- Waits for i_mmap_rwsem(read lock)!\n\nhugetlbfs_fallocate()\n -> hugetlbfs_punch_hole() <- Takes i_mmap_rwsem(write lock)!\n -> hugetlbfs_zero_partial_page()\n -> filemap_lock_hugetlb_folio()\n -> filemap_lock_folio()\n -> __filemap_get_folio <- Waits for folio_lock!\n\nThe migration path is the one taking locks in the wrong order according to\nthe documentation at the top of mm/rmap.c. So expand the scope of the\nexisting i_mmap_lock to cover the calls to remove_migration_ptes() too.\n\nThis is (mostly) how it used to be after commit c0d0381ade79. That was\nremoved by 336bf30eb765 for both file & anon hugetlb pages when it should\nonly have been removed for anon hugetlb pages."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nmigrate: orden correcto de bloqueo para folios de archivo hugetlb\n\nSyzbot ha encontrado un interbloqueo (analizado por Lance Yang):\n\n1) Tarea (5749): Mantiene folio_lock, luego intenta adquirir i_mmap_rwsem (bloqueo de lectura).\n2) Tarea (5754): Mantiene i_mmap_rwsem (bloqueo de escritura), luego intenta adquirir folio_lock.\n\nmigrate_pages()\n -> migrate_hugetlbs()\n -> unmap_and_move_huge_page() <- ¡Toma folio_lock!\n -> remove_migration_ptes()\n -> __rmap_walk_file()\n -> i_mmap_lock_read() <- ¡Espera por i_mmap_rwsem (bloqueo de lectura)!\n\nhugetlbfs_fallocate()\n -> hugetlbfs_punch_hole() <- ¡Toma i_mmap_rwsem (bloqueo de escritura)!\n -> hugetlbfs_zero_partial_page()\n -> filemap_lock_hugetlb_folio()\n -> filemap_lock_folio()\n -> __filemap_get_folio <- ¡Espera por folio_lock!\n\nLa ruta de migración es la que toma los bloqueos en el orden incorrecto según la documentación en la parte superior de mm/rmap.c. Así que expandir el alcance del i_mmap_lock existente para cubrir también las llamadas a remove_migration_ptes().\n\nEsto es (en su mayoría) como solía ser después del commit c0d0381ade79. Eso fue eliminado por 336bf30eb765 tanto para páginas hugetlb de archivo como anónimas cuando solo debería haber sido eliminado para páginas hugetlb anónimas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.9","versionEndExcluding":"5.10","matchCriteriaId":"9598C575-CE16-4F2B-A517-667AA54B4B86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.1","versionEndExcluding":"5.10.249","matchCriteriaId":"FE8CC3D1-1602-4F1D-A05B-F0E1722A86DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.199","matchCriteriaId":"A247FBA6-BEB9-484F-B892-DD5517949CCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.162","matchCriteriaId":"6579E0D4-0641-479D-A4C3-0EF618798C55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.122","matchCriteriaId":"8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.68","matchCriteriaId":"52F38E19-0FDD-4992-9D6D-D4169D689598"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.8","matchCriteriaId":"E65C6E79-7EBE-4C77-93F0-818CF5B38F4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*","matchCriteriaId":"B29EBB93-107F-4ED6-8DE3-C2732BC659C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc4:*:*:*:*:*:*","matchCriteriaId":"0CD159FA-170F-4389-9085-CACCF97ABB1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc5:*:*:*:*:*:*","matchCriteriaId":"F0390D83-6C17-4557-BE8D-B659E04F565A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc6:*:*:*:*:*:*","matchCriteriaId":"4120E4B3-B66D-4ACE-8570-1DD4DF20A324"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc7:*:*:*:*:*:*","matchCriteriaId":"73D60343-647D-4B5D-AA6D-CE87C462E368"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1b68efce6dd483d22f50d0d3800c4cfda14b1305","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/526394af4e8ade89cacd1a9ce2b97712712fcc34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5edb9854f8df5428b40990a1c7d60507da5bd330","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad97b9a55246eb940a26ac977f80892a395cabf9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b75070823b89009f5123fd0e05a8e0c3d39937c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7880cb166ab62c2409046b2347261abf701530e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7396d23f9d5739f56cf9ab430c3a169f5508394","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}