CVE-2026-53063
In the Linux kernel, the following vulnerability has been resolved:

dm cache: fix write hang in passthrough mode

The invalidate_remove() function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwrite_bio but then drops it immediately without submission, causing write operations to hang.

Fix by adding a new invalidate_committed() continuation that submits the remapped writes to the cache origin after metadata commit completes, while using the overwrite_endio hook to ensure proper completion sequencing. This maintains existing coherency.

Also improve error handling in invalidate_complete() to preserve the original error status instead of using bio_io_error() unconditionally.
Affected versions
Linux kernel versions 4.12 and later are affected. Fixed in 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.
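To triage a host against the ranges above, the following added example (not part of the advisory or of the kernel project) classifies a `uname -r` string and lists dm-cache devices running in passthrough mode, the only mode the description says is affected. The function names and the sample `dmsetup status --target cache` lines are constructed for illustration, and treating a branch with no listed fix as still vulnerable is an assumption.

```python
import re

# Fixed releases per stable branch, copied from this page.
FIXED = {(6, 1): 175, (6, 6): 141, (6, 12): 91, (6, 18): 33, (7, 0): 10}
FIRST_AFFECTED = (4, 12)        # first affected release per this page
FIRST_FIXED_MAINLINE = (7, 1)   # 7.1 and later carry the fix

def kernel_status(release):
    """Classify an upstream-style `uname -r` string (vendor backports not considered)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unparseable kernel release: {release!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch < FIRST_AFFECTED:
        return "not affected"
    if branch >= FIRST_FIXED_MAINLINE:
        return "fixed"
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    # Assumption: an affected-range branch with no fix listed here stays vulnerable.
    return "vulnerable (no fixed release listed for this branch)"

def passthrough_caches(dmsetup_status):
    """Return names of dm-cache devices whose feature list includes 'passthrough'.

    Input is the text of `dmsetup status --target cache`:
    '<name>: <start> <len> cache <counters...> <#features> <features>* ...'
    """
    names = []
    for line in dmsetup_status.splitlines():
        name, _, rest = line.partition(": ")
        fields = rest.split()
        if len(fields) > 2 and fields[2] == "cache" and "passthrough" in fields[3:]:
            names.append(name)
    return names

# Constructed sample output: one passthrough cache, one writeback cache.
SAMPLE = """\
vg0-fast: 0 209715200 cache 8 72/1024 128 1024/16384 833 21 0 512 0 0 0 2 metadata2 passthrough 2 migration_threshold 2048 smq 0 rw -
vg0-bulk: 0 419430400 cache 8 90/1024 128 2048/16384 90 12 44 7 0 3 5 2 metadata2 writeback 2 migration_threshold 2048 smq 0 rw -
"""

if __name__ == "__main__":
    print(kernel_status("6.6.140"), passthrough_caches(SAMPLE))
```

A host needs attention when `kernel_status` reports a vulnerable release and `passthrough_caches` returns at least one device.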
Frequently asked questions
- What is CVE-2026-53063?
  CVE-2026-53063 is a Linux kernel vulnerability that has not been assigned a severity score. It affects Linux kernel versions from 4.12 onward and has been patched in 6.1.175, 6.6.141, 6.12.91 and others. CVE-2026-53063 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2026-53063?
  Yes, CVE-2026-53063 has been patched. Fixed versions include 6.1.175, 6.6.141, 6.12.91 and others. If you are running Linux kernel 4.12 or later and have not yet reached the fixed version for your branch, apply the relevant patch for your kernel branch.
- Is CVE-2026-53063 actively exploited?
  No, CVE-2026-53063 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.