CVE-2026-31557

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A recursive locking issue exists in the nvmet component. When the nvmet ctrl free() function flushes ctrl->async event work while running on the nvmet-wq workqueue, it causes the flush to re-enter workqueue completion for the same worker. This occurs through a chain where nvmet rdma release queue work() leads to nvmet ctrl free(), which then attempts to lock the same nvmet-wq completion lock already held by the process, potentially leading to a system deadlock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.