PT-2026-8163 · Linux+2 · Linux Kernel+2

Bernd

·

Published

2026-01-01

·

Updated

2026-06-16

·

CVE-2026-23168

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the flexible proportions code. A lockdep splat can occur due to a race condition within the fprop new period() function. Specifically, the issue arises when a timer fires within softirq context, calling writeout period which then invokes fprop new period(). Simultaneously, a hardirq can be raised, leading to an indefinite loop when reading the sequence counter due to an odd sequence value. This condition is more likely to occur with FUSE block device interfaces (bdis) that have configured a maximum fraction of writeout throughput. The vulnerability is related to the sequence counter write section not being irqsafe.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23168
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1
SUSE-SU-2026:21876-1
SUSE-SU-2026:21877-1
SUSE-SU-2026:21916-1
SUSE-SU-2026:21919-1
SUSE-SU-2026:2217-1
SUSE-SU-2026:2238-1
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8393-1
USN-8440-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu