md raid: fix hang when stopping arrays with metadata through dm-raid
Summary
| CVE | CVE-2026-43309 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-08 14:16:38 UTC |
| Updated | 2026-05-12 14:10:27 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid. When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: (1) a dm-raid managed device tree is suspended from top to bottom (the top-level RAID device is suspended first, followed by its underlying metadata and data devices); (2) the top-level RAID device is then removed. Removing the top-level device triggers a hang in the following sequence: the dm-raid destructor calls md_stop(), which tries to flush the write-intent bitmap by writing to the metadata sub-devices. However, these devices are already suspended, making them unable to complete the write-intent operations and causing an indefinite block. Fix: (1) prevent bitmap flushing when md_stop() is called from dm-raid destructor context and avoid a quiescing/unquiescing cycle which could also cause I/O; (2) still allow write-intent bitmap flushing when called from dm-raid suspend context. This ensures that RAID array teardown can complete successfully even when the underlying devices are in a suspended state. This second patch uses md_is_rdwr() to distinguish between suspend and destructor paths as elaborated on above. |
Risk And Classification
EPSS: 0.000170000 probability, percentile 0.041320000 (date 2026-05-12)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 0dd84b319352bb8ba64752d4e45396d8b13e6018 24783dd06de870d646c25207bae186f78195f912 git | Not specified |
| CNA | Linux | Linux | affected 0dd84b319352bb8ba64752d4e45396d8b13e6018 338378dfffbdbb8d37a18f0a0c0358812671f91e git | Not specified |
| CNA | Linux | Linux | affected 0dd84b319352bb8ba64752d4e45396d8b13e6018 cefcb9297fbdb6d94b61787b4f8d84f55b741470 git | Not specified |
| CNA | Linux | Linux | affected 1678ca35b80a94d474fdc31e2497ce5d7ed52512 git | Not specified |
| CNA | Linux | Linux | affected 690b5c90fd2d81fd1d2b6110fa36783232f6dce2 git | Not specified |
| CNA | Linux | Linux | affected 8e7fb19f1a744fd34e982633ced756fee0498ef7 git | Not specified |
| CNA | Linux | Linux | affected a5a58fab556bfe618b4c9719eb85712d78c6cb10 git | Not specified |
| CNA | Linux | Linux | affected 661c01b2181d9413c799127f13143583b69f20fd git | Not specified |
| CNA | Linux | Linux | affected f42a9819ba84bed2e609a4dff56af37063dcabdc git | Not specified |
| CNA | Linux | Linux | affected 6.0 | Not specified |
| CNA | Linux | Linux | unaffected 6.0 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.16 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.6 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/24783dd06de870d646c25207bae186f78195f912 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/cefcb9297fbdb6d94b61787b4f8d84f55b741470 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/338378dfffbdbb8d37a18f0a0c0358812671f91e | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.