CVE-2026-53319

MEDIUM

blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and wbt_init(). However, both are expected failure paths: - wbt_alloc() can return NULL under memory pressure (-ENOMEM) - wbt_init() can fail with -EBUSY if wbt is already registered syzbot triggers this by injecting memory allocation failures during MTD partition creation via ioctl(BLKPG), causing a spurious warning. wbt_init_enable_default() is a best-effort initialization called from blk_register_queue() with a void return type. Failure simply means the disk operates without writeback throttling, which is harmless. Replace WARN_ON_ONCE with plain if-checks, consistent with how wbt_set_lat() in the same file already handles these failures. Add a pr_warn() for the wbt_init() failure to retain diagnostic information without triggering a full stack trace.

Scores

CVSS v3 5.5
EPSS 0.0010
EPSS Percentile 1.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-617
Status published
Products (8)
linux/Kernel 7.0.0 - 7.0.10linux
Linux/Linux < 7.0
Linux/Linux 41afaeeda5099d9cd07eaa7dc6c3d20c6f1dd9e9 - e9b004ff83067cdf96774b45aea4b239ace99a2f
Linux/Linux 41afaeeda5099d9cd07eaa7dc6c3d20c6f1dd9e9 - fd7a982657077469802594a5165bc30b9a55af70
Linux/Linux 7.0
Linux/Linux 7.0.10 - 7.0.*
Linux/Linux 7.1
linux/linux_kernel 7.0 - 7.0.10
Published Jun 26, 2026
Tracked Since Jun 27, 2026