Always-Incorrect Control Flow Implementation in Linux kernel - CVE-2026-53063
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper control flow management in invalidate_remove() in the dm-cache target when handling write hit bios after cache invalidation in passthrough mode. A local user can trigger write operations in this state to cause a denial of service.
The issue causes write operations to hang because a remapped overwrite bio is dropped without being submitted.
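An exposure check added here as an example (not part of the advisory or the kernel sources): it lists device-mapper cache targets whose feature arguments include passthrough, the mode named in the description, so affected hosts can be prioritised for a fixed kernel. It assumes the documented dm-cache table layout and the `name:` prefix that `dmsetup table` prints when listing all devices; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: find dm-cache targets running in passthrough mode.
# Assumed dm-cache table layout (after the "name:" prefix):
#   <start> <len> cache <metadata dev> <cache dev> <origin dev>
#   <block size> <#feature args> [<feature arg>]* <policy> ...

# Reads `dmsetup table` output on stdin, prints one device name per line.
passthrough_caches() {
    awk '
    $4 == "cache" {
        nfeat = $9                      # number of feature arguments
        # Only scan the feature arguments, not the policy section.
        for (i = 10; i < 10 + nfeat && i <= NF; i++) {
            if ($i == "passthrough") {
                sub(/:$/, "", $1)       # strip trailing colon from name
                print $1
                break
            }
        }
    }'
}

# Constructed sample input (not captured from a real system).
sample_table() {
    cat <<'EOF'
vg0-root: 0 20971520 linear 8:2 2048
vg0-fast_cached: 0 41943040 cache 253:3 253:2 253:4 128 2 metadata2 passthrough smq 0
vg0-data_cached: 0 83886080 cache 253:7 253:6 253:8 128 2 metadata2 writethrough smq 0
vg0-tmp_cached: 0 1048576 cache 253:10 253:9 253:11 512 0 default 0
EOF
}

# Demo on the constructed sample; on a live host run (as root):
#   dmsetup table | passthrough_caches
sample_table | passthrough_caches
```

An empty result means no cache target on the host is in passthrough mode; it does not say whether the running kernel carries the fix.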
How to mitigate CVE-2026-53063
Sources
- https://git.kernel.org/stable/c/05798d091ebcfb6d68228890e593f209e8ac940d
- https://git.kernel.org/stable/c/4ca8b8bd952df7c3ccdc68af9bd3419d0839a04b
- https://git.kernel.org/stable/c/64d6519b00be4116d365bd31f33a5e5ce2944c1a
- https://git.kernel.org/stable/c/9fa18d0b981776b190ca4632942a7c2174052b78
- https://git.kernel.org/stable/c/b8ace9e96983abb20ccf39edce8a60f1bb0b83d8
- https://git.kernel.org/stable/c/ecb10c193cbebf5e6984246a9b4ff1f95d45ed87