CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and wbt_init(). However, both are expected failure paths: - wbt_alloc() can return NULL under memory pressure (-ENOMEM) - wbt_init() can fail with -EBUSY if wbt is already registered syzbot triggers this by injecting memory allocation failures during MTD partition creation via ioctl(BLKPG), causing a spurious warning. wbt_init_enable_default() is a best-effort initialization called from blk_register_queue() with a void return type. Failure simply means the disk operates without writeback throttling, which is harmless. Replace WARN_ON_ONCE with plain if-checks, consistent with how wbt_set_lat() in the same file already handles these failures. Add a pr_warn() for the wbt_init() failure to retain diagnostic information without triggering a full stack trace.
Affected versions
Linux kernel versions
7.0
and later are affected. Fixed in
7.0.10,
7.1
and their respective stable series.
References
2 totalFrequently asked questions
-
What is CVE-2026-53319?
CVE-2026-53319 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 7.0 onward and has been patched in 7.0.10 and 7.1. CVE-2026-53319 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53319?
Yes — CVE-2026-53319 has been patched. Fixed versions include 7.0.10 and 7.1. If you are running Linux kernel 7.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53319 actively exploited?
No — CVE-2026-53319 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.