Impact
In the Linux kernel’s RAID5 driver, the function retry_aligned_read() contains a logic error that allows a stripe to be prematurely removed from the active list, causing an infinite processing loop that results in a soft lockup. This effect can temporarily halt a CPU, but it does not compromise data integrity or grant privilege escalation. The likely attack vector involves local interaction with a RAID5 array: by provoking a read request on an overlapped stripe, an attacker could trigger the loop and induce the lockup.
Affected Systems
The affected range is inferred rather than stated: because the commit is not tied to a specific kernel version range, all systems running a Linux kernel that contains the unpatched retry_aligned_read() logic are potentially affected, regardless of distribution or kernel release track. Any kernel build that includes the original code is therefore vulnerable.
Risk and Exploitability
The CVSS score is not provided and EPSS information is not available. The vulnerability is not listed in CISA’s KEV catalogue. Exploitation requires local access to a system configured to use RAID5; an attacker could trigger the infinite loop by initiating a read on an overlapped stripe, thereby causing a persistent soft lockup. Given the lack of a remote trigger and the need for continuous I/O activity, the exploitation risk is moderate but could be high for critical services running on the affected node.
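A triage sketch for the condition described above, added here as an example and not taken from the advisory or the kernel project: it lists RAID5 arrays from /proc/mdstat text and flags soft-lockup reports whose trace names retry_aligned_read(). The function names are hypothetical, both sample inputs are constructed, and the kernel's usual soft-lockup watchdog message format is assumed.

```python
import re

# Constructed sample inputs, not captured from a real host.
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid5 sdb1[0] sdc1[1] sdd1[3]
      2095104 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]
md1 : active raid1 sde1[0] sdf1[1]
      1047552 blocks super 1.2 [2/2] [UU]
"""
SAMPLE_KLOG = """\
[ 8121.402113] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [md0_raid5:1187]
[ 8121.402190] Call Trace:
[ 8121.402201]  retry_aligned_read+0x1c4/0x4a0 [raid456]
[ 8121.402215]  raid5d+0x2e1/0x6b0 [raid456]
[ 9050.118842] watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [kworker/1:2:412]
[ 9050.118901] Call Trace:
[ 9050.118915]  some_other_driver_poll+0x40/0x90
"""

LOCKUP = re.compile(r"soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+):(\d+)\]")

def raid5_arrays(mdstat_text):
    """Return the names of md arrays whose personality is raid5."""
    found = []
    for line in mdstat_text.splitlines():
        tokens = line.split()
        if len(tokens) > 2 and tokens[0].startswith("md") and tokens[1] == ":" and "raid5" in tokens[2:]:
            found.append(tokens[0])
    return found

def lockups_in(klog_text, symbol="retry_aligned_read", window=40):
    """Return soft-lockup reports, marking those whose trace names `symbol`."""
    lines = klog_text.splitlines()
    events = []
    for i, line in enumerate(lines):
        m = LOCKUP.search(line)
        if not m:
            continue
        trace = []
        for follow in lines[i + 1 : i + 1 + window]:
            if LOCKUP.search(follow):
                break  # next report begins; do not mix the two traces
            trace.append(follow)
        events.append({"cpu": int(m.group(1)), "secs": int(m.group(2)), "task": m.group(3),
                       "in_symbol": any(symbol in t for t in trace)})
    return events

if __name__ == "__main__":
    print(raid5_arrays(SAMPLE_MDSTAT), lockups_in(SAMPLE_KLOG))
```

On a live host the same functions can be fed the contents of /proc/mdstat and the output of `dmesg`; a host with no RAID5 array does not meet the precondition the advisory describes.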