PatchSiren

CVE-2026-45895 Linux CVE debrief

A livelock vulnerability exists in the Linux kernel's quota subsystem that can cause system hangs when filesystem freeze operations and quota control operations execute concurrently on non-preemptible kernels. The issue occurs in quotactl_block() when it enters a retry loop waiting for a frozen filesystem to thaw. On kernels with preemption disabled, this loop lacks scheduling points, preventing the CPU from reaching an RCU quiescent state. This blocks synchronize_rcu() in the freezer's percpu_down_write() call, creating a circular wait: the quota process spins indefinitely waiting for the freezer to advance, while the freezer waits indefinitely for the quota process's CPU to report quiescence. The vulnerability results in 100% CPU usage by the quota process and a complete hang of the freezer process. The fix adds cond_resched() to the retry loop, providing an RCU quiescent state that allows synchronize_rcu() to complete. This vulnerability affects systems running quota operations on frozen filesystems, particularly single-CPU or CPU-pinned workloads where the freezer and quota operations share a CPU.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running filesystem quota management alongside backup or maintenance operations that freeze filesystems; kernel maintainers and distributors; organizations using CPU pinning or single-core configurations for I/O-intensive workloads

Technical summary

The vulnerability is a livelock in fs/quota/quota.c's quotactl_block() function. When a filesystem is frozen via freeze_super(), quotactl_block() spins in a retry loop acquiring s_umount, checking freeze state, dropping s_umount, and using sb_start_write()/sb_end_write() to wait. On non-preemptible kernels, this tight loop never yields, preventing RCU quiescence. The freezer's sb_wait_write() → percpu_down_write() → synchronize_rcu() chain stalls waiting for the quota CPU, while the quota CPU stalls waiting for the freezer. The fix inserts cond_resched() into the retry loop, explicitly yielding and providing an RCU quiescent state. Multiple stable kernel branches received backports of this fix.

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable tree commits resolving the livelock condition
  • Prioritize patching systems running quota operations with filesystem freeze/thaw cycles
  • Monitor for hung freezer processes or sustained 100% CPU usage in quota-related kernel threads
  • Consider avoiding concurrent quota and freeze operations on single-CPU or CPU-pinned workloads until patched
  • Review kernel preemption configuration; non-preemptible kernels are more susceptible to this livelock
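
For the preemption review in the last action above, one way to classify a host by its kernel build config and boot command line. This is an added example, not code from the advisory or from kernel.org; the function names are hypothetical, and the Kconfig symbols, the preempt= boot parameter and the /boot/config-$(uname -r) location are assumptions about the host.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Assumes the standard Kconfig
# symbols CONFIG_PREEMPT_{NONE,VOLUNTARY,LAZY,RT}, CONFIG_PREEMPT and
# CONFIG_PREEMPT_DYNAMIC, and the preempt= boot parameter of dynamic builds.

# built_model CONFIG_FILE -> none | voluntary | lazy | full | rt | unknown
built_model() {
    awk '
        /^CONFIG_PREEMPT_NONE=y/      { m = "none" }
        /^CONFIG_PREEMPT_VOLUNTARY=y/ { m = "voluntary" }
        /^CONFIG_PREEMPT_LAZY=y/      { m = "lazy" }
        /^CONFIG_PREEMPT=y/           { if (m != "rt") m = "full" }
        /^CONFIG_PREEMPT_RT=y/        { m = "rt" }
        END { if (m == "") m = "unknown"; print m }
    ' "$1"
}

# effective_model CONFIG_FILE CMDLINE_FILE
# On CONFIG_PREEMPT_DYNAMIC builds, the last preempt=<model> boot parameter
# overrides the built-in default; on other builds it is ignored.
effective_model() {
    model=$(built_model "$1")
    if grep -q '^CONFIG_PREEMPT_DYNAMIC=y' "$1"; then
        boot=$(tr ' ' '\n' < "$2" | sed -n 's/^preempt=//p' | tail -n 1)
        case "$boot" in none|voluntary|lazy|full) model=$boot ;; esac
    fi
    echo "$model"
}

# livelock_review CONFIG_FILE CMDLINE_FILE
#   prioritize  - non-preemptible kernel, the case the advisory describes
#   preemptible - full or RT preemption
#   review      - voluntary, lazy or undetermined; not addressed by the advisory
livelock_review() {
    case "$(effective_model "$1" "$2")" in
        none)    echo prioritize ;;
        full|rt) echo preemptible ;;
        *)       echo review ;;
    esac
}

# Constructed sample: a dynamic-preemption build whose default model is "none".
sample_config() {
    printf '%s\n' 'CONFIG_PREEMPT_BUILD=y' 'CONFIG_PREEMPT_NONE=y' \
        '# CONFIG_PREEMPT_VOLUNTARY is not set' '# CONFIG_PREEMPT is not set' \
        'CONFIG_PREEMPT_DYNAMIC=y'
}
# On a live host: livelock_review "/boot/config-$(uname -r)" /proc/cmdline
```

A "prioritize" result only says the kernel matches the non-preemptible condition; whether the fix is present still has to be confirmed against the distributor's kernel changelog.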

Evidence notes

Vulnerability description sourced from official CVE record published 2026-05-27. Root cause identified as missing scheduling point in quotactl_block() retry loop. Fix confirmed via kernel.org stable tree commits adding cond_resched(). Reproduction scenario documented using xfs_freeze and quotaon/quotaoff on pinned CPU.
