CVE-2026-46051
5.5 MEDIUMIn the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry_aligned_read() When retry_aligne...
Published: 2026-05-27 · Last updated: 2026-06-16
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-667
Affected products
| Vendor | Product |
|---|---|
| linux | linux_kernel |
Description
In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry_aligned_read() When retry_aligned_read() encounters an overlapped stripe, it releases the stripe via raid5_release_stripe() which puts it on the lockless released_stripes llist. In the next raid5d loop iteration, release_stripe_list() drains the stripe onto handle_list (since STRIPE_HANDLE is set by the original IO), but retry_aligned_read() runs before handle_active_stripes() and removes the stripe from handle_list via find_get_stripe() -> list_del_init(). This prevents handle_stripe() from ever processing the stripe to resolve the overlap, causing an infinite loop and soft lockup. Fix this by using __release_stripe() with temp_inactive_list instead of raid5_release_stripe() in the failure path, so the stripe does not go through the released_stripes llist. This allows raid5d to break out of its loop, and the overlap will be resolved when the stripe is eventually processed by handle_stripe().
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-46051
- [Patch]https://git.kernel.org/stable/c/09880592f5a9dc73377d6eb5ac123537b5f8df49
- [Patch]https://git.kernel.org/stable/c/1985cb3247e87ff6b8ca4bc5f9626f4f51024507
- [Patch]https://git.kernel.org/stable/c/4166d5234fe8b6c3c7f796a6c198605356c5b355
- [Patch]https://git.kernel.org/stable/c/66df9f30673db66ac35145820a8e24906069ae57
- [Patch]https://git.kernel.org/stable/c/7f9f7c697474268d9ef9479df3ddfe7cdcfbbffc
- [Patch]https://git.kernel.org/stable/c/80fc6ca2cbde018d52e13f305edcd643911bd94b
- [Patch]https://git.kernel.org/stable/c/883cc33b7af1c448663287f069ef9dfea001e90f
- [Patch]https://git.kernel.org/stable/c/a9055300e07d9d6800264d3c2560e1d0144689ca
Related CVEs
Same vendor
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
- CVE-2026-46269 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing dev... (5.5 MEDIUM)
Same CWE
- CVE-2026-46262 — In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This... (5.5 MEDIUM)
- CVE-2026-46256 — In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_write... (5.5 MEDIUM)
- CVE-2026-46252 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error pat... (5.5 MEDIUM)
- CVE-2026-46223 — In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulat... (5.5 MEDIUM)
- CVE-2026-46165 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vp... (5.5 MEDIUM)