CVE-2026-53123

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

md: wake raid456 reshape waiters before suspend

During raid456 reshape, direct IO across the reshape position can sleep in raid5_make_request() waiting for reshape progress while still holding an active_io reference. If userspace then freezes reshape and writes md/suspend_lo or md/suspend_hi, mddev_suspend() kills active_io and waits for all in-flight IO to drain.

This can deadlock: the IO needs reshape progress to continue, but the reshape thread is already frozen, so the active_io reference is never dropped and suspend never completes.

raid5_prepare_suspend() already wakes wait_for_reshape for dm-raid. Do the same for normal md suspend when reshape is already interrupted, so waiting raid456 IO can abort, drop its reference, and let suspend finish.

The mdadm test tests/25raid456-reshape-deadlock reproduces the hang.

Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux mdadm *
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability occurs in the Linux kernel's md (multiple device) subsystem during a raid456 reshape operation. When direct IO crosses the reshape position, it can sleep in the raid5_make_request() function waiting for the reshape to progress while still holding an active_io reference. If userspace freezes the reshape and writes to md/suspend_lo or md/suspend_hi, the mddev_suspend() function kills active_io and waits for all in-flight IO to drain.

The problem is a deadlock: the IO operation needs the reshape to progress to continue, but the reshape thread is already frozen. As a result, the active_io reference is never released, and the suspend operation never completes.

The fix involves waking the raid456 reshape waiters before suspend, similar to what raid5_prepare_suspend() does for dm-raid, allowing waiting raid456 IO to abort, drop its reference, and let the suspend finish.

Impact Analysis

This vulnerability can cause a deadlock during raid456 reshape operations in the Linux kernel, leading to system hangs or freezes when attempting to suspend the md device. This can impact system availability and reliability, potentially causing disruptions in environments relying on RAID for data storage and redundancy.

Detection Guidance

This vulnerability can cause a deadlock during raid456 reshape operations in the Linux kernel, leading to a system hang or freeze when suspend operations are attempted.

Detection can involve monitoring for system hangs or freezes related to md (multiple device) RAID operations, especially during reshape or suspend activities.

The mdadm test 'tests/25raid456-reshape-deadlock' is known to reproduce the hang caused by this issue.

No specific commands are provided in the available information to detect this vulnerability directly.

Mitigation Strategies

The vulnerability has been resolved by ensuring that during raid456 reshape suspend operations, waiters are properly woken up to avoid deadlocks.

Immediate mitigation steps would include updating the Linux kernel to a version that includes this fix.

Until the fix is applied, avoid suspending systems during raid456 reshape operations to prevent potential deadlocks.
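
A pre-flight check for the condition described above, as an added example that is not part of the original advisory or the kernel fix. It assumes the standard md sysfs attributes level, reshape_position and sync_action (not named on this page); the function names and state labels are hypothetical.

```shell
#!/bin/sh
# Added example: report md arrays that are in the state this CVE describes,
# i.e. a raid4/5/6 array whose reshape has been frozen part-way through.
# Writing md/suspend_lo or md/suspend_hi on an unpatched kernel in that state
# is the sequence the advisory says can hang.
#
# md_reshape_state [sysfs_root]   (sysfs_root defaults to /sys)
# Prints one line per array: name level reshape_position sync_action STATE
#   HOLD       reshape frozen mid-way: do not suspend the array
#   RESHAPING  reshape running: do not freeze and then suspend
#   OK         no reshape position recorded, or not raid4/5/6
md_reshape_state() {
    root="${1:-/sys}"
    for md in "$root"/block/md*/md; do
        [ -d "$md" ] || continue            # glob did not match anything
        name=$(basename "$(dirname "$md")")
        level=$(cat "$md/level" 2>/dev/null)
        pos=$(cat "$md/reshape_position" 2>/dev/null)
        action=$(cat "$md/sync_action" 2>/dev/null)
        state=OK
        case "$level" in
            raid4|raid5|raid6)
                if [ -n "$pos" ] && [ "$pos" != "none" ]; then
                    if [ "$action" = "frozen" ]; then
                        state=HOLD
                    else
                        state=RESHAPING
                    fi
                fi
                ;;
        esac
        echo "$name $level ${pos:-none} ${action:-unknown} $state"
    done
}

# Exit status 0 only when no array is in the HOLD state.
md_suspend_safe() {
    ! md_reshape_state "$1" | grep -q ' HOLD$'
}
```

Call `md_suspend_safe` from any maintenance script before it writes to md/suspend_lo or md/suspend_hi, and skip the write when it returns non-zero.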
