Description
In the Linux kernel, the following vulnerability has been resolved:

dm: fix unlocked test for dm_suspended_md

The function dm_blk_report_zones tests if the device is suspended with
the "dm_suspended_md" call. However, this function is called without
holding any locks, so the device may be suspended just after it.

Move the call to dm_suspended_md after dm_get_live_table, so that the
device can't be suspended after the suspended state was tested.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux kernel device‑mapper function dm_blk_report_zones allows a device to be suspended after an unlock test is performed without holding a lock. The function checks the device state by calling dm_suspended_md, but this call occurs before dm_get_live_table is called and without synchronization. If the device is suspended immediately after the unsynchronized check, subsequent zone reporting may be performed on a suspended or stale device, potentially leading to malformed data or block operation failures. The CVE description does not indicate that a kernel panic is guaranteed, and no DoS behavior is explicitly documented.

Affected Systems

All Linux kernel versions that contain dm_blk_report_zones without the recent commit that moves the dm_suspended_md check after dm_get_live_table are affected. This includes the upstream kernel and any distribution kernels that ship the same unpatched code. The common platform enumeration provided covers all Linux kernel releases.

Risk and Exploitability

The flaw is a local race condition that requires an attacker to trigger a device suspend during a narrow window of unsynchronized operation. It is not readily exploitable remotely and would most likely necessitate privileged or root access to manipulate block device operations. The CVSS score of 5.5 reflects moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local, with a requirement to control or influence the device‑mapper operation cycle.

Generated by OpenCVE AI on June 10, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the dm_suspended_md fix; the update adds locking to correct the race condition (CWE‑367) and ensures proper synchronization before checking device state.
  • Reboot the system after the update so the patched kernel is loaded, confirming that the device‑mapper functions correctly and that no race condition can occur.
  • If an immediate kernel upgrade is impossible, temporarily disable the affected device‑mapper targets or block block operations until the patch is applied; this mitigates potential misuse associated with both race conditions (CWE‑367) and improper handling of suspended state.

Generated by OpenCVE AI on June 10, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-847

Wed, 10 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Tue, 09 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
CWE-847

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just after it. Move the call to dm_suspended_md after dm_get_live_table, so that the device can't be suspended after the suspended state was tested.
Title dm: fix unlocked test for dm_suspended_md
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T12:25:54.781Z

Reserved: 2026-05-13T15:03:33.112Z

Link: CVE-2026-46327

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T14:16:42.400

Modified: 2026-06-09T14:16:42.400

Link: CVE-2026-46327

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-09T00:00:00Z

Links: CVE-2026-46327 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T04:30:06Z

Weaknesses