CVE-2026-53319 is a vulnerability in Linux Kernel
Published on June 26, 2026
blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()
In the Linux kernel, the following vulnerability has been resolved:
blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()
wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from
wbt_alloc() and wbt_init(). However, both are expected failure paths:
- wbt_alloc() can return NULL under memory pressure (-ENOMEM)
- wbt_init() can fail with -EBUSY if wbt is already registered
syzbot triggers this by injecting memory allocation failures during MTD
partition creation via ioctl(BLKPG), causing a spurious warning.
wbt_init_enable_default() is a best-effort initialization called from
blk_register_queue() with a void return type. Failure simply means the
disk operates without writeback throttling, which is harmless.
Replace WARN_ON_ONCE with plain if-checks, consistent with how
wbt_set_lat() in the same file already handles these failures. Add a
pr_warn() for the wbt_init() failure to retain diagnostic information
without triggering a full stack trace.
Products Associated with CVE-2026-53319
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 41afaeeda5099d9cd07eaa7dc6c3d20c6f1dd9e9 and below fd7a982657077469802594a5165bc30b9a55af70 is affected.
- Version 41afaeeda5099d9cd07eaa7dc6c3d20c6f1dd9e9 and below e9b004ff83067cdf96774b45aea4b239ace99a2f is affected.
- Version 7.0 is affected.
- Before 7.0 is unaffected.
- Version 7.0.10, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.