Severity
5.5MEDIUM
EPSS
0.0%
top 99.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not strictly require dirty metadata threshold for metadata writepages
[BUG]
There is an internal report that over 1000 processes are
waiting at the io_schedule_timeout() of balance_dirty_pages(), causing
a system hang and trigger a kernel coredump.
The kernel is v6.4 kernel based, but the root problem still applies to
any upstream kernel before v6.18.
[CAUSE]
From Jan Kara for his wisdom on the dirty page balance b…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux793955bca66c99defdffc857ae6eb7e8431d6bbe — bb9be3f713652e330df00f3724c18c7a5469e7ac+5
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.18.8 btrfs io_schedule_timeout deadlock (Nessus ID 299067 / WID-SEC-2026-0421)↗2026-04-13
OSV▶
CVE-2026-23157: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [B↗2026-02-14
GHSA▶
GHSA-pw2v-cmfh-x2p3: In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not strictly require dirty metadata threshold for metadata writepages↗2026-02-14
📋Vendor Advisories
3Red Hat
▶
Microsoft
▶
Debian▶
CVE-2026-23157: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: do n...↗2026