{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43309","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:56.000Z","datePublished":"2026-05-08T13:11:27.595Z","dateUpdated":"2026-05-11T22:22:04.039Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:22:04.039Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd raid: fix hang when stopping arrays with metadata through dm-raid\n\nWhen using device-mapper's dm-raid target, stopping a RAID array can cause\nthe system to hang under specific conditions.\n\nThis occurs when:\n\n- A dm-raid managed device tree is suspended from top to bottom\n   (the top-level RAID device is suspended first, followed by its\n    underlying metadata and data devices)\n\n- The top-level RAID device is then removed\n\nRemoving the top-level device triggers a hang in the following sequence:\nthe dm-raid destructor calls md_stop(), which tries to flush the\nwrite-intent bitmap by writing to the metadata sub-devices. However, these\ndevices are already suspended, making them unable to complete the write-intent\noperations and causing an indefinite block.\n\nFix:\n\n- Prevent bitmap flushing when md_stop() is called from dm-raid\ndestructor context\n  and avoid a quiescing/unquescing cycle which could also cause I/O\n\n- Still allow write-intent bitmap flushing when called from dm-raid\nsuspend context\n\nThis ensures that RAID array teardown can complete successfully even when the\nunderlying devices are in a suspended state.\n\nThis second patch uses md_is_rdwr() to distinguish between suspend and\ndestructor paths as elaborated on above."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/md.c"],"versions":[{"version":"0dd84b319352bb8ba64752d4e45396d8b13e6018","lessThan":"24783dd06de870d646c25207bae186f78195f912","status":"affected","versionType":"git"},{"version":"0dd84b319352bb8ba64752d4e45396d8b13e6018","lessThan":"338378dfffbdbb8d37a18f0a0c0358812671f91e","status":"affected","versionType":"git"},{"version":"0dd84b319352bb8ba64752d4e45396d8b13e6018","lessThan":"cefcb9297fbdb6d94b61787b4f8d84f55b741470","status":"affected","versionType":"git"},{"version":"1678ca35b80a94d474fdc31e2497ce5d7ed52512","status":"affected","versionType":"git"},{"version":"690b5c90fd2d81fd1d2b6110fa36783232f6dce2","status":"affected","versionType":"git"},{"version":"8e7fb19f1a744fd34e982633ced756fee0498ef7","status":"affected","versionType":"git"},{"version":"a5a58fab556bfe618b4c9719eb85712d78c6cb10","status":"affected","versionType":"git"},{"version":"661c01b2181d9413c799127f13143583b69f20fd","status":"affected","versionType":"git"},{"version":"f42a9819ba84bed2e609a4dff56af37063dcabdc","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/md.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"7.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.292"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.257"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.212"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/24783dd06de870d646c25207bae186f78195f912"},{"url":"https://git.kernel.org/stable/c/338378dfffbdbb8d37a18f0a0c0358812671f91e"},{"url":"https://git.kernel.org/stable/c/cefcb9297fbdb6d94b61787b4f8d84f55b741470"}],"title":"md raid: fix hang when stopping arrays with metadata through dm-raid","x_generator":{"engine":"bippy-1.2.0"}}}}