Bug 2436778 (CVE-2026-23053)

Summary: CVE-2026-23053 kernel: Linux kernel: Denial of Service in NFSv4.1 client due to deadlock during memory reclaim
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel. An NFSv4.1 client can experience a deadlock during memory reclaim. This occurs when state recovery waits on kthreadd while kthreadd attempts to reclaim memory by calling nfs_release_folio(), leading to a circular dependency. A local user can trigger this condition by initiating page cache activity on an NFS mount, resulting in hung tasks, system-wide stalls, and a Denial of Service (DoS).
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-02-04 17:02:56 UTC
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a deadlock involving nfs_release_folio()

Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery
waiting on kthreadd, which is attempting to reclaim memory by calling
nfs_release_folio(). The latter cannot make progress due to state
recovery being needed.

It seems that the only safe thing to do here is to kick off a writeback
of the folio, without waiting for completion, or else kicking off an
asynchronous commit.