CVE-2026-43309
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
md raid: fix hang when stopping arrays with metadata through dm-raid
When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions.
This occurs when:
A dm-raid managed device tree is suspended from top to bottom (the top-level RAID device is suspended first, followed by its underlying metadata and data devices)
The top-level RAID device is then removed
Removing the top-level device triggers a hang in the following sequence: the dm-raid destructor calls md_stop(), which tries to flush the write-intent bitmap by writing to the metadata sub-devices. However, these devices are already suspended, making them unable to complete the write-intent operations and causing an indefinite block.
Fix:
Prevent bitmap flushing when md_stop() is called from dm-raid destructor context and avoid a quiescing/unquescing cycle which could also cause I/O
Still allow write-intent bitmap flushing when called from dm-raid suspend context
This ensures that RAID array teardown can complete successfully even when the underlying devices are in a suspended state.
This second patch uses md_is_rdwr() to distinguish between suspend and destructor paths as elaborated on above.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0dd84b319352bb8ba64752d4e45396d8b13e6018 < 24783dd06de870d646c25207bae186f78195f912 | affected |
| Linux | Linux | 0dd84b319352bb8ba64752d4e45396d8b13e6018 < 338378dfffbdbb8d37a18f0a0c0358812671f91e | affected |
| Linux | Linux | 0dd84b319352bb8ba64752d4e45396d8b13e6018 < cefcb9297fbdb6d94b61787b4f8d84f55b741470 | affected |
| Linux | Linux | 1678ca35b80a94d474fdc31e2497ce5d7ed52512 | affected |
| Linux | Linux | 690b5c90fd2d81fd1d2b6110fa36783232f6dce2 | affected |
| Linux | Linux | 8e7fb19f1a744fd34e982633ced756fee0498ef7 | affected |
| Linux | Linux | a5a58fab556bfe618b4c9719eb85712d78c6cb10 | affected |
| Linux | Linux | 661c01b2181d9413c799127f13143583b69f20fd | affected |
| Linux | Linux | f42a9819ba84bed2e609a4dff56af37063dcabdc | affected |
| Linux | Linux | 4.14.292 < 4.15 | affected |
| Linux | Linux | 4.19.257 < 4.20 | affected |
| Linux | Linux | 5.4.212 < 5.5 | affected |
| Linux | Linux | 5.10.140 < 5.11 | affected |
| Linux | Linux | 5.15.64 < 5.16 | affected |
| Linux | Linux | 5.19.6 < 5.20 | affected |
| Linux | Linux | 6.0 | affected |
| Linux | Linux | 0 < 6.0 | unaffected |
| Linux | Linux | 6.18.16 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.6 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/24783dd06de870d646c25207bae186f78195f912
- https://git.kernel.org/stable/c/338378dfffbdbb8d37a18f0a0c0358812671f91e
- https://git.kernel.org/stable/c/cefcb9297fbdb6d94b61787b4f8d84f55b741470
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.