Bug 2492262 (CVE-2026-52960)

Summary: CVE-2026-52960 kernel: ceph: put folios not suitable for writeback
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's Ceph component. This vulnerability occurs due to improper handling of memory pages, known as folios, that are not suitable for writeback. When certain folios are removed, their references are not properly released, leading to a resource leak. A local attacker could potentially exploit this to cause resource exhaustion, resulting in a Denial of Service (DoS).
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-06-24 18:01:51 UTC
In the Linux kernel, the following vulnerability has been resolved:

ceph: put folios not suitable for writeback

The batch holds references to the folios (see `filemap_get_folios`,
`folio_batch_release`), so we need to `folio_put` the folios we remove.

Tested on v6.18.

Comment 1 Mauro Matteo Cascella 2026-06-25 12:44:47 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062436-CVE-2026-52960-9da2@gregkh/T