HOMEVULNERABILITIESCVE-2026-31465
NONE

CVE-2026-31465

Published: April 22, 2026· Updated: Apr 23, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

writeback: don't block sync for filesystems with no data integrity guarantees

Add a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot

guarantee data persistence on sync (eg fuse). For superblocks with this

flag set, sync kicks off writeback of dirty inodes but does not wait

for the flusher threads to complete the writeback.

This replaces the per-inode AS_NO_DATA_INTEGRITY mapping flag added in

commit f9a49aa302a0 ("fs/writeback: skip AS_NO_DATA_INTEGRITY mappings

in wait_sb_inodes()"). The flag belongs at the superblock level because

data integrity is a filesystem-wide property, not a per-inode one.

Having this flag at the superblock level also allows us to skip having

to iterate every dirty inode in wait_sb_inodes() only to skip each inode

individually.

Prior to this commit, mappings with no data integrity guarantees skipped

waiting on writeback completion but still waited on the flusher threads

to finish initiating the writeback. Waiting on the flusher threads is

unnecessary. This commit kicks off writeback but does not wait on the

flusher threads. This change properly addresses a recent report [1] for

a suspend-to-RAM hang seen on fuse-overlayfs that was caused by waiting

on the flusher threads to finish:

Workqueue: pm_fs_sync pm_fs_sync_work_fn

Call Trace:

<TASK>

__schedule+0x457/0x1720

schedule+0x27/0xd0

wb_wait_for_completion+0x97/0xe0

sync_inodes_sb+0xf8/0x2e0

__iterate_supers+0xdc/0x160

ksys_sync+0x43/0xb0

pm_fs_sync_work_fn+0x17/0xa0

process_one_work+0x193/0x350

worker_thread+0x1a1/0x310

kthread+0xfc/0x240

ret_from_fork+0x243/0x280

ret_from_fork_asm+0x1a/0x30

</TASK>

On fuse this is problematic because there are paths that may cause the

flusher thread to block (eg if systemd freezes the user session cgroups

first, which freezes the fuse daemon, before invoking the kernel

suspend. The kernel suspend triggers ->write_node() which on fuse issues

a synchronous setattr request, which cannot be processed since the

daemon is frozen. Or if the daemon is buggy and cannot properly complete

writeback, initiating writeback on a dirty folio already under writeback

leads to writeback_get_folio() -> folio_prepare_writeback() ->

unconditional wait on writeback to finish, which will cause a hang).

This commit restores fuse to its prior behavior before tmp folios were

removed, where sync was essentially a no-op.

[1] https://lore.kernel.org/linux-fsdevel/CAJnrk1a-asuvfrbKXbEwwDSctvemF+6zfhdnuzO65Pt8HsFSRw@mail.gmail.com/T/#m632c4648e9cafc4239299887109ebd880ac6c5c1

NVD Source

Technical Analysis

CVE-2026-31465 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-31465
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedApr 22, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31465 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.