Skip to main content

Linux Kernel CVE-2026-43309

| EUVDEUVD-2026-28579 MEDIUM
2026-05-08 Linux GHSA-v56g-44rc-67wq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 20:15 vuln.today
CVSS changed
May 15, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

md raid: fix hang when stopping arrays with metadata through dm-raid

When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions.

This occurs when:

  • A dm-raid managed device tree is suspended from top to bottom

(the top-level RAID device is suspended first, followed by its underlying metadata and data devices)

  • The top-level RAID device is then removed

Removing the top-level device triggers a hang in the following sequence: the dm-raid destructor calls md_stop(), which tries to flush the write-intent bitmap by writing to the metadata sub-devices. However, these devices are already suspended, making them unable to complete the write-intent operations and causing an indefinite block.

Fix:

  • Prevent bitmap flushing when md_stop() is called from dm-raid

destructor context and avoid a quiescing/unquescing cycle which could also cause I/O

  • Still allow write-intent bitmap flushing when called from dm-raid

suspend context

This ensures that RAID array teardown can complete successfully even when the underlying devices are in a suspended state.

This second patch uses md_is_rdwr() to distinguish between suspend and destructor paths as elaborated on above.

AnalysisAI

System hang during RAID array teardown affects Linux kernel's dm-raid target when metadata devices are suspended before removal. The vulnerability triggers when stopping dm-raid managed arrays, causing md_stop() to indefinitely block while attempting to flush write-intent bitmaps to already-suspended metadata devices. With EPSS exploitation probability at 0.02% (4th percentile) and vendor patches available for kernel versions 6.18.16, 6.19.6, and 7.0, this represents a local denial-of-service risk requiring low privileges but poses minimal risk in most environments due to the specific dm-raid configuration prerequisite.

Technical ContextAI

The vulnerability exists in the Linux kernel's MD RAID subsystem, specifically in the interaction between device-mapper's dm-raid target and the MD layer's array teardown logic. When dm-raid suspends a device tree from top to bottom, the underlying metadata and data devices enter a suspended state where I/O operations cannot complete. The md_stop() function in the MD layer attempts to flush write-intent bitmaps during array shutdown, issuing write operations to these suspended metadata devices. This creates a deadlock condition where md_stop() blocks indefinitely waiting for I/O completion that can never occur due to the suspended state. The fix introduces logic to detect when md_stop() is called from dm-raid destructor context versus suspend context, using md_is_rdwr() to distinguish between these paths and skip bitmap flushing only during teardown while preserving it during normal suspend operations.

RemediationAI

Apply vendor-released patches for Linux kernel versions 6.18.16, 6.19.6, or 7.0 from distribution repositories. Upstream fixes are available at https://git.kernel.org/stable/c/24783dd06de870d646c25207bae186f78195f912, https://git.kernel.org/stable/c/cefcb9297fbdb6d94b61787b4f8d84f55b741470, and https://git.kernel.org/stable/c/338378dfffbdbb8d37a18f0a0c0358812671f91e for manual backporting if required. If immediate patching is not feasible, implement operational workarounds: avoid suspending dm-raid device trees from top to bottom before removal, instead remove the top-level RAID device first while devices remain active, or use standard mdadm RAID management instead of dm-raid target where architecturally possible. Note that switching from dm-raid to mdadm requires array reconstruction and data migration, making it suitable only for new deployments or maintenance windows. Monitor for system hangs during RAID array management operations and establish recovery procedures including forced device activation or system restart protocols.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy