CVE-2026-45953
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within the md/raid5 module that leads to I/O hang in degraded arrays with llbitmap. The issue arises from a missing check on the state of bits, resulting in a deadloop during stripe handling.
Risk Assessment
Organizations may experience significant data availability issues, potentially leading to data loss or prolonged downtime in systems utilizing degraded RAID arrays.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and prevent potential data availability issues.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmap_ops->blocks_synced() is checked in handle_stripe_dirtying(). However, later the same check is missing in need_this_block(), causing stripe to deadloop during handling because handle_stripe() will decide to go to handle_stripe_fill(), meanwhile need_this_block() always return 0 and nothing is handled.

