Description
In the Linux kernel, the following vulnerability has been resolved:

md: wake raid456 reshape waiters before suspend

During raid456 reshape, direct IO across the reshape position can sleep
in raid5_make_request() waiting for reshape progress while still
holding an active_io reference. If userspace then freezes reshape and
writes md/suspend_lo or md/suspend_hi, mddev_suspend() kills active_io
and waits for all in-flight IO to drain.

This can deadlock: the IO needs reshape progress to continue, but the
reshape thread is already frozen, so the active_io reference is never
dropped and suspend never completes.

raid5_prepare_suspend() already wakes wait_for_reshape for dm-raid. Do
the same for normal md suspend when reshape is already interrupted, so
waiting raid456 IO can abort, drop its reference, and let suspend
finish.

The mdadm test tests/25raid456-reshape-deadlock reproduces the hang.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux kernel RAID subsystem can cause a deadlock when a RAID456 reshape operation is frozen and a system suspend is requested. During the reshape, the driver holds an active_IO reference while waiting for reshape progress; if the reshape is paused and a suspend is issued via md/suspend_lo or md/suspend_hi, the suspend routine waits for all in‑flight IO to drain, but the reshape thread is frozen, so the active_IO reference never drops. This results in a system hang that prevents the operating system from completing a suspend or shutdown, effectively denying a normal shutdown or sleep operation. The flaw falls under CWE‑833: Potential Unintended Interaction Between Pattern and Interface.

Affected Systems

The issue affects kernel builds that include the RAID456 reshape code, specifically systems running MD array devices configured with RAID levels 4, 5, or 6 during a reshape operation. The vendor listing "Linux:Linux" indicates the kernel is the impacted component. No specific version range is given, so any kernel containing the referenced code is vulnerable.

Risk and Exploitability

The vulnerability requires a local privileged user to freeze a reshape and issue a suspend command through the md interface. This is an inferred attack vector based on the need to invoke mdadm or similar utilities. The CVSS score is 5.5, the EPSS score is < 1% (0.00171), and the vulnerability is not listed in CISA. The risk is moderate: in environments where privileged users can perform MD suspend operations, an attacker could cause a denial‑of‑service by blocking system suspend or shutdown.

Generated by OpenCVE AI on June 25, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the patch commits referenced in the advisory (e.g., 8ae3e14d, 8b6a7242, cf86bb53, ff6b9341).
  • Avoid pausing (freezing) a RAID456 reshape before the system is expected to suspend; schedule suspend operations only after the reshape completes or abort the reshape safely.
  • If a reshape cannot be completed, manually abort the reshape or force the reshape thread to continue by detaching the MD array or resetting the device, then retry the suspend.
  • Optionally, monitor kernel logs for mddev_suspend hang messages and restrict MD suspend commands to trusted privileged users.

Generated by OpenCVE AI on June 25, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-847

Thu, 25 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-847

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5_make_request() waiting for reshape progress while still holding an active_io reference. If userspace then freezes reshape and writes md/suspend_lo or md/suspend_hi, mddev_suspend() kills active_io and waits for all in-flight IO to drain. This can deadlock: the IO needs reshape progress to continue, but the reshape thread is already frozen, so the active_io reference is never dropped and suspend never completes. raid5_prepare_suspend() already wakes wait_for_reshape for dm-raid. Do the same for normal md suspend when reshape is already interrupted, so waiting raid456 IO can abort, drop its reference, and let suspend finish. The mdadm test tests/25raid456-reshape-deadlock reproduces the hang.
Title md: wake raid456 reshape waiters before suspend
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:52.609Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53123

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53123 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:30:15Z

Weaknesses