CVE Catalog

CVE-2026-53124

Low risk· EPSS 4%
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

In the Linux kernel's ublk subsystem, a bug was found where the per-IO canceled flag was not reset immediately after each IO fetch. This caused that if the ublk server died after fetching only a subset of IOs, cancellation of those operations could never complete because the flag remained set.

Risk Assessment

The risk is that incomplete IO cancellation may lead to system hangs or resource deadlocks, potentially causing service unavailability and data loss in production environments.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix that resets the cancel flag for each IO right after it is fetched, preventing the described issue.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands for all IOs, cancellation of the fetch commands that were successfully issued may never complete. This is because the per-IO canceled flag can remain set even after the fetch for that IO has been submitted - the per-IO canceled flags for all IOs in a queue are reset together only once all IOs for that queue have been fetched. So if a nonempty proper subset of the IOs for a queue are fetched when the ublk server dies, the IOs in that subset will never successfully be canceled, as their canceled flags remain set, and this prevents ublk_cancel_cmd from actually calling io_uring_cmd_done on the commands, despite the fact that they are outstanding. Fix this by resetting the per-IO cancel flags immediately when each IO is fetched instead of waiting for all IOs for the queue (which may never happen).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS