CVE-2026-31556

medium

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchk_quota_item can return early after calling xchk_fblock_process_error. When that helper returns false, the function returned immediately without dropping dq->q_qlock, which can leave the dquot lock held and risk lock leaks or deadlocks in later quota operations. Fix this by unlocking dq->q_qlock before the early return.

References

https://git.kernel.org/stable/c/e822f535273af0e8968eab7acc0cea0b90dd25af

https://git.kernel.org/stable/c/d128fc0c5c2b19224927d4fd2a46c2fe6a1f606f

https://git.kernel.org/stable/c/3b0c3414b308e6822cda90bf99f7eac94d4cca2b

https://git.kernel.org/stable/c/268378b6ad20569af0d1957992de1c8b16c6e900

Details

Source: Mitre, NVD

Published: 2026-04-24

Updated: 2026-04-24

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium