{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46061","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.095Z","datePublished":"2026-05-27T12:57:22.041Z","dateUpdated":"2026-06-14T17:51:27.666Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T17:51:27.666Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix deadlock in jbd2_journal_cancel_revoke()\n\nCommit f76d4c28a46a (\"fs/jbd2: use sleeping version of\n__find_get_block()\") changed jbd2_journal_cancel_revoke() to use\n__find_get_block_nonatomic() which holds the folio lock instead of\ni_private_lock. This breaks the lock ordering (folio -> buffer) and\ncauses an ABBA deadlock when the filesystem blocksize < pagesize:\n\n     T1                                T2\next4_mkdir()\n ext4_init_new_dir()\n  ext4_append()\n   ext4_getblk()\n    lock_buffer()    <- A\n                                   sync_blockdev()\n                                    blkdev_writepages()\n                                     writeback_iter()\n                                      writeback_get_folio()\n                                       folio_lock()   <- B\n     ext4_journal_get_create_access()\n      jbd2_journal_cancel_revoke()\n       __find_get_block_nonatomic()\n        folio_lock()  <- B\n                                     block_write_full_folio()\n                                      lock_buffer()   <- A\n\nThis can occasionally cause generic/013 to hang.\n\nFix by only calling __find_get_block_nonatomic() when the passed\nbuffer_head doesn't belong to the bdev, which is the only case that we\nneed to look up its bdev alias. Otherwise, the lookup is redundant since\nthe found buffer_head is equal to the one we passed in."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jbd2/revoke.c"],"versions":[{"version":"f1c5aa614b5c251f93a6a4c8c26001d5e9e53fd6","lessThan":"dff07cc98fdf6af57a7c054dc09b2050a9d5c287","status":"affected","versionType":"git"},{"version":"f76d4c28a46a9260d85e00dafc8f46d369365d33","lessThan":"2b2fee890250ab647a601124471a334bb01a0790","status":"affected","versionType":"git"},{"version":"f76d4c28a46a9260d85e00dafc8f46d369365d33","lessThan":"bbd943d6a2d566428324b516a37f98328dfb802d","status":"affected","versionType":"git"},{"version":"f76d4c28a46a9260d85e00dafc8f46d369365d33","lessThan":"981fcc5674e67158d24d23e841523eccba19d0e7","status":"affected","versionType":"git"},{"version":"1bb7a4b6b3d7dd8da6f5a9d0529d42c22a359e71","status":"affected","versionType":"git"},{"version":"6.12.31","lessThan":"6.12.86","status":"affected","versionType":"semver"},{"version":"6.14.9","lessThan":"6.15","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jbd2/revoke.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.31","versionEndExcluding":"6.12.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.27"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.0.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dff07cc98fdf6af57a7c054dc09b2050a9d5c287"},{"url":"https://git.kernel.org/stable/c/2b2fee890250ab647a601124471a334bb01a0790"},{"url":"https://git.kernel.org/stable/c/bbd943d6a2d566428324b516a37f98328dfb802d"},{"url":"https://git.kernel.org/stable/c/981fcc5674e67158d24d23e841523eccba19d0e7"}],"title":"jbd2: fix deadlock in jbd2_journal_cancel_revoke()","x_generator":{"engine":"bippy-1.2.0"}}}}