Home

Description

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place to start abandonment from, but it doesn't always have a useful value (it will be uninitialised on the first pass through the loop and it may point to a deleted subrequest on later passes). Fix the first jump to "abandon:" to set subreq to the start of the first subrequest expected to need retry (which, in this abandonment case, turned out unexpectedly to no longer have NEED_RETRY set). Also clear the subreq pointer after discarding superfluous retryable subrequests to cause an oops if we do try to access it.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-22 | Updated 2026-05-11 | Assigner Linux




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

ee4cdf7ba857a894ad1650d6ab77669cbbfa329e (git) before 3e5fd8f53b575ff2188f82071da19c977ca56c41
affected

ee4cdf7ba857a894ad1650d6ab77669cbbfa329e (git) before 8f2f2bd128a8d9edbc1e785760da54ada3df69b7
affected

ee4cdf7ba857a894ad1650d6ab77669cbbfa329e (git) before 7e57523490cd2efb52b1ea97f2e0a74c0fb634cd
affected

Default status
affected

6.12
affected

Any version before 6.12
unaffected

6.18.21 (semver)
unaffected

6.19.11 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/3e5fd8f53b575ff2188f82071da19c977ca56c41

git.kernel.org/...c/8f2f2bd128a8d9edbc1e785760da54ada3df69b7

git.kernel.org/...c/7e57523490cd2efb52b1ea97f2e0a74c0fb634cd

cve.org (CVE-2026-31435)

nvd.nist.gov (CVE-2026-31435)

Download JSON