dm: Race Condition in Device Mapper Block Report Zones

Publication date: 2026-06-09

Last updated on: 2026-06-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just after it. Move the call to dm_suspended_md after dm_get_live_table, so that the device can't be suspended after the suspended state was tested.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-14

Generated

2026-06-30

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-46327

EUVD

EUVD-2026-35428

Affected Vendors & Products

Vendor	Product	Version / Range
linux	linux_kernel	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-UNKNOWN

Attack-Flow Graph

Executive Summary

This vulnerability exists in the Linux kernel's device mapper (dm) subsystem. Specifically, the function dm_blk_report_zones checks if a device is suspended by calling dm_suspended_md without holding any locks. Because no locks are held, the device's suspended state can change immediately after the check, leading to a race condition. The fix involves moving the dm_suspended_md call to after dm_get_live_table, ensuring the device cannot be suspended after the suspended state is tested.

Impact Analysis

This vulnerability could lead to inconsistent or incorrect behavior in the device mapper subsystem due to a race condition when checking the suspended state of a device. Such a race condition might cause unexpected errors or instability in systems relying on device mapper functionality, potentially affecting data integrity or system reliability.

Hi! I’m here to help you understand CVE-2026-46327. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70