🛡️ CVE-2026-46050
⚪ Unknown ✅ No Known Exploit NVD
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix deadlock with check operation and nowait requests When an array check is running it will raise the barrier at which point normal requests will become blocked and increment the nr_pending value to signal there is work pending inside of wait_barrier(). NOWAIT requests do not block and so will return immediately with an error, and additionally do not increment nr_pending in wait_barrier(). Upstream change commit 43806c3d5b9b ("raid10: cleanup memleak at raid10_make_request") added a call to raid_end_bio_io() to fix a memory leak when NOWAIT requests hit this condition. raid_end_bio_io() eventually calls allow_barrier() and it will unconditionally do an atomic_dec_and_test(&conf->nr_pending) even though the corresponding increment on nr_pending didn't happen in the NOWAIT case. This can be easily seen by starting a check operation while an application is doing nowait IO on the same array. This results in a deadlocked state due to nr_pending value underflowing and so the md resync thread gets stuck waiting for nr_pending to == 0. Output of r10conf state of the array when we hit this condition: crash> struct r10conf barrier = 1, nr_pending = { counter = -41 }, nr_waiting = 15, nr_queued = 0, Example of md_sync thread stuck waiting on raise_barrier() and other requests stuck in wait_barrier(): md1_resync [] raise_barrier+0xce/0x1c0 [] raid10_sync_request+0x1ca/0x1ed0 [] md_do_sync+0x779/0x1110 [] md_thread+0x90/0x160 [] kthread+0xbe/0xf0 [] ret_from_fork+0x34/0x50 [] ret_from_fork_asm+0x1a/0x30 kworker/u1040:2+flush-253:4 [] wait_barrier+0x1de/0x220 [] regular_request_wait+0x30/0x180 [] raid10_make_request+0x261/0x1000 [] md_handle_request+0x13b/0x230 [] __submit_bio+0x107/0x1f0 [] submit_bio_noacct_nocheck+0x16f/0x390 [] ext4_io_submit+0x24/0x40 [] ext4_do_writepages+0x254/0xc80 [] ext4_writepages+0x84/0x120 [] do_writepages+0x7a/0x260 [] __writeback_single_inode+0x3d/0x300 [] writeback_sb_inodes+0x1dd/0x470 [] __writeback_inodes_wb+0x4c/0xe0 [] wb_writeback+0x18b/0x2d0 [] wb_workfn+0x2a1/0x400 [] process_one_work+0x149/0x330 [] worker_thread+0x2d2/0x410 [] kthread+0xbe/0xf0 [] ret_from_fork+0x34/0x50 [] ret_from_fork_asm+0x1a/0x30

Details

Severity Unknown
CVSS Score N/A
CVSS Vector N/A
CWE N/A
Public Exploit ✅ No
Source NVD
Published 2026-05-27
Updated 2026-06-02
Modified 2026-06-01
Fix URL N/A

Affected Packages

Software From version Fixed in
unknown

Similar Threats

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.