PT-2026-51944 · Linux · Linux
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-53050
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
quota: Fix race of dquot scan active() with quota deactivation
dquot scan active() can race with quota deactivation in
quota release workfn() like:
CPU0 (quota release workfn) CPU1 (dquot scan active)
============================== ==============================
spin lock(&dq list lock);
list replace init(
&releasing dquots, &rls head);
/* dquot X on rls head,
dq count == 0,
DQ ACTIVE B still set /
spin unlock(&dq list lock);
synchronize srcu(&dquot srcu);
spin lock(&dq list lock);
list for each entry(dquot,
&inuse list, dq inuse) {
/ finds dquot X */
dquot active(X) -> true
atomic inc(&X->dq count);
}
spin unlock(&dq list lock);
spin lock(&dq list lock);
dquot = list first entry(&rls head);
WARN ON ONCE(atomic read(&dquot->dq count));
The problem is not only a cosmetic one as under memory pressure the
caller of dquot scan active() can end up working on freed dquot.
Fix the problem by making sure the dquot is removed from releasing list
when we acquire a reference to it.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux