CVE-2026-23157

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18

Description The Linux kernel contains a flaw in the btrfs subsystem related to dirty metadata page handling. Specifically, the kernel may strictly require a dirty metadata threshold for metadata writepages, potentially leading to a deadlock situation. This can occur when a cgroup has a limited memory allocation and a task dirties more pages than the cgroup's dirty limit. The btrfs internal threshold for writeback can exceed the cgroup's dirty limit, preventing writeback and causing processes to hang while waiting to reduce the number of dirty pages. This issue affects kernels before version 6.18, but newer kernels utilizing AS KERNEL FILE may not be impacted. The issue can cause a system hang and kernel coredump, with reports indicating over 1000 processes waiting at the io schedule timeout() function.

Recommendations versions prior to 6.18: Update to version 6.18 or later to address the issue.