CVE-2026-46327
Received Received - Intake
dm: Race Condition in Device Mapper Block Report Zones

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just after it. Move the call to dm_suspended_md after dm_get_live_table, so that the device can't be suspended after the suspended state was tested.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-09
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-46327
EUVD
EUVD-2026-35428
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's device mapper (dm) subsystem. Specifically, the function dm_blk_report_zones checks if a device is suspended by calling dm_suspended_md without holding any locks. Because no locks are held, the device's suspended state can change immediately after the check, leading to a race condition. The fix involves moving the dm_suspended_md call to after dm_get_live_table, ensuring the device cannot be suspended after the suspended state is tested.

Impact Analysis

This vulnerability could lead to inconsistent or incorrect behavior in the device mapper subsystem due to a race condition when checking the suspended state of a device. Such a race condition might cause unexpected errors or instability in systems relying on device mapper functionality, potentially affecting data integrity or system reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46327. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart