{"api_version":"1","generated_at":"2026-04-19T01:15:04+00:00","cve":"CVE-2026-23356","urls":{"html":"https://cve.report/CVE-2026-23356","api":"https://cve.report/api/cve/CVE-2026-23356.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-23356","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-23356"},"summary":{"title":"drbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()\n\nEven though we check that we \"should\" be able to do lc_get_cumulative()\nwhile holding the device->al_lock spinlock, it may still fail,\nif some other code path decided to do lc_try_lock() with bad timing.\n\nIf that happened, we logged \"LOGIC BUG for enr=...\",\nbut still did not return an error.\n\nThe rest of the code now assumed that this request has references\nfor the relevant activity log extents.\n\nThe implcations are that during an active resync, mutual exclusivity of\nresync versus application IO is not guaranteed. And a potential crash\nat this point may not realizs that these extents could have been target\nof in-flight IO and would need to be resynced just in case.\n\nAlso, once the request completes, it will give up activity log references it\ndoes not even hold, which will trigger a BUG_ON(refcnt == 0) in lc_put().\n\nFix:\n\nDo not crash the kernel for a condition that is harmless during normal\noperation: also catch \"e->refcnt == 0\", not only \"e == NULL\"\nwhen being noisy about \"al_complete_io() called on inactive extent %u\\n\".\n\nAnd do not try to be smart and \"guess\" whether something will work, then\nbe surprised when it does not.\nDeal with the fact that it may or may not work.  If it does not, remember a\npossible \"partially in activity log\" state (only possible for requests that\ncross extent boundaries), and return an error code from\ndrbd_al_begin_io_nonblock().\n\nA latter call for the same request will then resume from where we left off.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-03-25 11:16:34","updated_at":"2026-04-18 09:16:20"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/cf01aa6288e1190f89865e765056e2a9d8190639","name":"https://git.kernel.org/stable/c/cf01aa6288e1190f89865e765056e2a9d8190639","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/eef1390125b660b8b61f9f227a03bb9c5e6d36a5","name":"https://git.kernel.org/stable/c/eef1390125b660b8b61f9f227a03bb9c5e6d36a5","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d1ef3aed4df2ef1fe46befd8f2da9a6ec5445508","name":"https://git.kernel.org/stable/c/d1ef3aed4df2ef1fe46befd8f2da9a6ec5445508","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7752569fc78e89794ce28946529850282233f99d","name":"https://git.kernel.org/stable/c/7752569fc78e89794ce28946529850282233f99d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ab140365fb62c0bdab22b2f516aff563b2559e3b","name":"https://git.kernel.org/stable/c/ab140365fb62c0bdab22b2f516aff563b2559e3b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e91d8d6565b7819d13dab21d4dbed5b45efba59b","name":"https://git.kernel.org/stable/c/e91d8d6565b7819d13dab21d4dbed5b45efba59b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/933d161baa3794547adee621c0bf52cbf2c1b3cd","name":"https://git.kernel.org/stable/c/933d161baa3794547adee621c0bf52cbf2c1b3cd","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f558e5404a72054b525dced1a0c66aa95a144153","name":"https://git.kernel.org/stable/c/f558e5404a72054b525dced1a0c66aa95a144153","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-23356","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23356","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 933d161baa3794547adee621c0bf52cbf2c1b3cd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 cf01aa6288e1190f89865e765056e2a9d8190639 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 7752569fc78e89794ce28946529850282233f99d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 e91d8d6565b7819d13dab21d4dbed5b45efba59b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 eef1390125b660b8b61f9f227a03bb9c5e6d36a5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 d1ef3aed4df2ef1fe46befd8f2da9a6ec5445508 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 f558e5404a72054b525dced1a0c66aa95a144153 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 ab140365fb62c0bdab22b2f516aff563b2559e3b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3.10","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 3.10 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.167 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.130 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.77 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.17 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.7 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"23356","cve":"CVE-2026-23356","epss":"0.000320000","percentile":"0.090980000","score_date":"2026-04-18","updated_at":"2026-04-19 00:10:43"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/block/drbd/drbd_actlog.c","drivers/block/drbd/drbd_interval.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"933d161baa3794547adee621c0bf52cbf2c1b3cd","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"cf01aa6288e1190f89865e765056e2a9d8190639","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"7752569fc78e89794ce28946529850282233f99d","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"e91d8d6565b7819d13dab21d4dbed5b45efba59b","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"eef1390125b660b8b61f9f227a03bb9c5e6d36a5","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"d1ef3aed4df2ef1fe46befd8f2da9a6ec5445508","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"f558e5404a72054b525dced1a0c66aa95a144153","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"},{"lessThan":"ab140365fb62c0bdab22b2f516aff563b2559e3b","status":"affected","version":"08a1ddab6df7d3c7b6341774cb1cf4b21b96a214","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/block/drbd/drbd_actlog.c","drivers/block/drbd/drbd_interval.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"3.10"},{"lessThan":"3.10","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.167","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.130","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.77","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.17","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.7","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.167","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.130","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.77","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.17","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.7","versionStartIncluding":"3.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"3.10","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()\n\nEven though we check that we \"should\" be able to do lc_get_cumulative()\nwhile holding the device->al_lock spinlock, it may still fail,\nif some other code path decided to do lc_try_lock() with bad timing.\n\nIf that happened, we logged \"LOGIC BUG for enr=...\",\nbut still did not return an error.\n\nThe rest of the code now assumed that this request has references\nfor the relevant activity log extents.\n\nThe implcations are that during an active resync, mutual exclusivity of\nresync versus application IO is not guaranteed. And a potential crash\nat this point may not realizs that these extents could have been target\nof in-flight IO and would need to be resynced just in case.\n\nAlso, once the request completes, it will give up activity log references it\ndoes not even hold, which will trigger a BUG_ON(refcnt == 0) in lc_put().\n\nFix:\n\nDo not crash the kernel for a condition that is harmless during normal\noperation: also catch \"e->refcnt == 0\", not only \"e == NULL\"\nwhen being noisy about \"al_complete_io() called on inactive extent %u\\n\".\n\nAnd do not try to be smart and \"guess\" whether something will work, then\nbe surprised when it does not.\nDeal with the fact that it may or may not work.  If it does not, remember a\npossible \"partially in activity log\" state (only possible for requests that\ncross extent boundaries), and return an error code from\ndrbd_al_begin_io_nonblock().\n\nA latter call for the same request will then resume from where we left off."}],"providerMetadata":{"dateUpdated":"2026-04-18T08:58:08.080Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/933d161baa3794547adee621c0bf52cbf2c1b3cd"},{"url":"https://git.kernel.org/stable/c/cf01aa6288e1190f89865e765056e2a9d8190639"},{"url":"https://git.kernel.org/stable/c/7752569fc78e89794ce28946529850282233f99d"},{"url":"https://git.kernel.org/stable/c/e91d8d6565b7819d13dab21d4dbed5b45efba59b"},{"url":"https://git.kernel.org/stable/c/eef1390125b660b8b61f9f227a03bb9c5e6d36a5"},{"url":"https://git.kernel.org/stable/c/d1ef3aed4df2ef1fe46befd8f2da9a6ec5445508"},{"url":"https://git.kernel.org/stable/c/f558e5404a72054b525dced1a0c66aa95a144153"},{"url":"https://git.kernel.org/stable/c/ab140365fb62c0bdab22b2f516aff563b2559e3b"}],"title":"drbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-23356","datePublished":"2026-03-25T10:27:40.454Z","dateReserved":"2026-01-13T15:37:46.000Z","dateUpdated":"2026-04-18T08:58:08.080Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-25 11:16:34","lastModifiedDate":"2026-04-18 09:16:20","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"23356","Ordinal":"1","Title":"drbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()","CVE":"CVE-2026-23356","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"23356","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()\n\nEven though we check that we \"should\" be able to do lc_get_cumulative()\nwhile holding the device->al_lock spinlock, it may still fail,\nif some other code path decided to do lc_try_lock() with bad timing.\n\nIf that happened, we logged \"LOGIC BUG for enr=...\",\nbut still did not return an error.\n\nThe rest of the code now assumed that this request has references\nfor the relevant activity log extents.\n\nThe implcations are that during an active resync, mutual exclusivity of\nresync versus application IO is not guaranteed. And a potential crash\nat this point may not realizs that these extents could have been target\nof in-flight IO and would need to be resynced just in case.\n\nAlso, once the request completes, it will give up activity log references it\ndoes not even hold, which will trigger a BUG_ON(refcnt == 0) in lc_put().\n\nFix:\n\nDo not crash the kernel for a condition that is harmless during normal\noperation: also catch \"e->refcnt == 0\", not only \"e == NULL\"\nwhen being noisy about \"al_complete_io() called on inactive extent %u\\n\".\n\nAnd do not try to be smart and \"guess\" whether something will work, then\nbe surprised when it does not.\nDeal with the fact that it may or may not work.  If it does not, remember a\npossible \"partially in activity log\" state (only possible for requests that\ncross extent boundaries), and return an error code from\ndrbd_al_begin_io_nonblock().\n\nA latter call for the same request will then resume from where we left off.","Type":"Description","Title":"drbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()"}]}}}