CVE Catalog

CVE-2026-45953

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel within the md/raid5 module that leads to I/O hang in degraded arrays with llbitmap. The issue arises from a missing check on the state of bits, resulting in a deadloop during stripe handling.

Risk Assessment

Organizations may experience significant data availability issues, potentially leading to data loss or prolonged downtime in systems utilizing degraded RAID arrays.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and prevent potential data availability issues.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmap_ops->blocks_synced() is checked in handle_stripe_dirtying(). However, later the same check is missing in need_this_block(), causing stripe to deadloop during handling because handle_stripe() will decide to go to handle_stripe_fill(), meanwhile need_this_block() always return 0 and nothing is handled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS