CVE-2026-23097
Severity
5.5 MEDIUM
EPSS
0.0%
top 95.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 4
Latest update: Apr 9
Description
In the Linux kernel, the following vulnerability has been resolved:
migrate: correct lock ordering for hugetlb file folios
Syzbot has found a deadlock (analyzed by Lance Yang):
1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock).
2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire folio_lock.

migrate_pages()
  -> migrate_hugetlbs()
    -> unmap_and_move_huge_page()
      -> remove_migration_ptes()
        -> __rmap_walk_file()
          -> i_mmap_lock_read()

hugetlbfs_punch_hole…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
CVEListV5: linux/linux 336bf30eb76580b579dc711ded5d599d905c0217 — e7396d23f9d5739f56cf9ab430c3a169f5508394 +8
Patches
Vulnerability Details (3)
GHSA: GHSA-3gqm-m375-7mp2 (2026-02-04)
OSV: CVE-2026-23097 (2026-02-04)