CVE-2026-31448

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the ext4 file system during the mkdir and mknod paths. When mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails, the ext4 ext map blocks() function calls ext4 free blocks() to reclaim the physical block but fails to delete the corresponding data in the extent tree. This results in subsequent mkdir operations referencing a reclaimed physical block already in use by the xattr block, causing both the directory and xattr to use the same buffer head block in memory simultaneously. Consequently, the ext4 xattr block set() function enters an infinite loop and cannot release the inode lock, leading to system blocking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.