CVE-2026-43309
Received Received - Intake
Kernel Hang in MD RAID with DM-RAID Metadata Stopping

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed device tree is suspended from top to bottom (the top-level RAID device is suspended first, followed by its underlying metadata and data devices) - The top-level RAID device is then removed Removing the top-level device triggers a hang in the following sequence: the dm-raid destructor calls md_stop(), which tries to flush the write-intent bitmap by writing to the metadata sub-devices. However, these devices are already suspended, making them unable to complete the write-intent operations and causing an indefinite block. Fix: - Prevent bitmap flushing when md_stop() is called from dm-raid destructor context and avoid a quiescing/unquescing cycle which could also cause I/O - Still allow write-intent bitmap flushing when called from dm-raid suspend context This ensures that RAID array teardown can complete successfully even when the underlying devices are in a suspended state. This second patch uses md_is_rdwr() to distinguish between suspend and destructor paths as elaborated on above.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43309
EUVD
EUVD-2026-28579
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's device-mapper dm-raid target when stopping RAID arrays that use metadata. Specifically, if the device tree managed by dm-raid is suspended from top to bottom and then the top-level RAID device is removed, the system can hang.

The hang happens because the dm-raid destructor calls md_stop(), which tries to flush the write-intent bitmap by writing to metadata sub-devices. However, these sub-devices are already suspended and cannot complete the write operations, causing an indefinite block.

The fix prevents bitmap flushing during md_stop() when called from the dm-raid destructor context, avoiding the hang, while still allowing flushing during suspend operations.


How can this vulnerability impact me? :

This vulnerability can cause the system to hang indefinitely when stopping RAID arrays managed by dm-raid under certain conditions. This can lead to system unresponsiveness and potential downtime.

Such hangs can disrupt normal operations, potentially causing data access delays or interruptions in services relying on the RAID arrays.


What immediate steps should I take to mitigate this vulnerability?

This vulnerability occurs when stopping dm-raid managed RAID arrays causes the system to hang due to suspended metadata devices blocking write-intent bitmap flushing.

To mitigate this issue immediately, ensure that your Linux kernel is updated to a version that includes the fix which prevents bitmap flushing during the dm-raid destructor context and avoids the quiescing/unquescing cycle.

If updating is not immediately possible, avoid stopping RAID arrays managed by dm-raid while the device tree is suspended, as this triggers the hang.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart