Impact
A race condition in the Linux kernel RAID subsystem can cause a deadlock when a RAID456 reshape operation is frozen and a system suspend is requested. During the reshape, the driver holds an active_IO reference while waiting for reshape progress; if the reshape is paused and a suspend is issued via md/suspend_lo or md/suspend_hi, the suspend routine waits for all in‑flight IO to drain, but the reshape thread is frozen, so the active_IO reference never drops. This results in a system hang that prevents the operating system from completing a suspend or shutdown, effectively denying a normal shutdown or sleep operation. The flaw falls under CWE‑833: Potential Unintended Interaction Between Pattern and Interface.
Affected Systems
The issue affects kernel builds that include the RAID456 reshape code, specifically systems running MD array devices configured with RAID levels 4, 5, or 6 during a reshape operation. The vendor listing "Linux:Linux" indicates the kernel is the impacted component. No specific version range is given, so any kernel containing the referenced code is vulnerable.
Risk and Exploitability
The vulnerability requires a local privileged user to freeze a reshape and issue a suspend command through the md interface. This is an inferred attack vector based on the need to invoke mdadm or similar utilities. The CVSS score is 5.5, the EPSS score is < 1% (0.00171), and the vulnerability is not listed in CISA. The risk is moderate: in environments where privileged users can perform MD suspend operations, an attacker could cause a denial‑of‑service by blocking system suspend or shutdown.
OpenCVE Enrichment