CVE-2026-53063
CVE-2026-53063 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (8th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-38931
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidate_remove() function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwrite_bio but then drops it immediately without submission, causing write operations to hang. Fix by adding a new invalidate_committed() continuation that submits the remapped writes to the cache origin after metadata commit completes, while using the overwrite_endio hook to ensure proper completion sequencing. This maintains existing coherency. Also improve error handling in invalidate_complete() to preserve the original error status instead of using bio_io_error() unconditionally.
Frequently asked questions
- What is CVE-2026-53063?
- In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidate_remove() function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwrite_bio but then drops it immediately without submission, causing write operations to hang. Fix by adding a new invalidate_committed() continuation that submits the remapped writes to the cache origin after metadata commit completes, while using the overwrite_endio hook to ensure proper completion sequencing. This maintains existing coherency. Also improve error handling in invalidate_complete() to preserve the original error status instead of using bio_io_error() unconditionally.
- Is CVE-2026-53063 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (8th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-53063?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-53063 have an EU (EUVD) identifier?
- Yes. CVE-2026-53063 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-38931.
- When was CVE-2026-53063 published?
- CVE-2026-53063 was published on 2026-06-24.
References
- https://git.kernel.org/stable/c/05798d091ebcfb6d68228890e593f209e8ac940d
- https://git.kernel.org/stable/c/4ca8b8bd952df7c3ccdc68af9bd3419d0839a04b
- https://git.kernel.org/stable/c/64d6519b00be4116d365bd31f33a5e5ce2944c1a
- https://git.kernel.org/stable/c/9fa18d0b981776b190ca4632942a7c2174052b78
- https://git.kernel.org/stable/c/b8ace9e96983abb20ccf39edce8a60f1bb0b83d8
- https://git.kernel.org/stable/c/ecb10c193cbebf5e6984246a9b4ff1f95d45ed87