SB2026062596 - Always-Incorrect Control Flow Implementation in Linux kernel md driver
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2026-53063)
CWE-ID: CWE-670 - Always-Incorrect Control Flow Implementation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper control flow management in invalidate_remove() in the dm-cache target when handling write hit bios after cache invalidation in passthrough mode. A local user can trigger write operations in this state to cause a denial of service.
The issue causes write operations to hang because a remapped overwrite bio is dropped without being submitted.
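An added exposure check, not part of the original bulletin or the kernel patches: the bulletin ties the hang to a dm-cache target in passthrough mode, so the shell function below lists such devices from `dmsetup table` output. The field layout follows the kernel's dm-cache table format; the device names and sample lines are constructed, and a match shows only that the configuration is present, not that the running kernel is unpatched.

```shell
#!/bin/sh
# Added example: list dm-cache devices whose table enables passthrough mode.
# Expected input is `dmsetup table` output, one line per target:
#   <name>: <start> <len> cache <metadata dev> <cache dev> <origin dev>
#           <block size> <#feature args> [<feature arg>]* <policy> ...
# Assumes device names contain no whitespace.

find_passthrough_caches() {
    awk '
        $4 == "cache" {
            name = $1
            sub(/:$/, "", name)
            nfeat = $9 + 0                  # count of feature args that follow
            # Scan only the feature args, never the policy name or its args.
            for (i = 10; i < 10 + nfeat && i <= NF; i++) {
                if ($i == "passthrough" && !(name in seen)) {
                    seen[name] = 1          # one line per device, even if multi-segment
                    print name
                }
            }
        }
    '
}

# Constructed sample of `dmsetup table` output (not taken from a real host).
SAMPLE_TABLE='vg-fast_cache: 0 41943040 cache 253:2 253:3 253:4 512 2 metadata2 passthrough smq 0
vg-wb_cache: 0 20971520 cache 253:6 253:7 253:8 128 1 writeback smq 0
vg-wt_cache: 0 20971520 cache 253:10 253:11 253:12 128 1 writethrough smq 0
vg-root: 0 104857600 linear 8:2 2048'

printf '%s\n' "$SAMPLE_TABLE" | find_passthrough_caches
```

On a live host, run `dmsetup table --target cache | find_passthrough_caches` as root; any device it prints should be prioritised for the kernel update.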
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/05798d091ebcfb6d68228890e593f209e8ac940d
- https://git.kernel.org/stable/c/4ca8b8bd952df7c3ccdc68af9bd3419d0839a04b
- https://git.kernel.org/stable/c/64d6519b00be4116d365bd31f33a5e5ce2944c1a
- https://git.kernel.org/stable/c/9fa18d0b981776b190ca4632942a7c2174052b78
- https://git.kernel.org/stable/c/b8ace9e96983abb20ccf39edce8a60f1bb0b83d8
- https://git.kernel.org/stable/c/ecb10c193cbebf5e6984246a9b4ff1f95d45ed87