PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46050 Linux CVE debrief

A vulnerability in the Linux kernel's RAID10 (md/raid10) implementation can cause a deadlock condition when array consistency checks run concurrently with NOWAIT I/O requests. The issue stems from an accounting imbalance in the barrier synchronization mechanism introduced by a prior memory-leak fix.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running Linux systems with md/raid10 arrays, particularly those using NOWAIT I/O patterns common in database and high-performance storage workloads, and systems performing automated array consistency checks

Technical summary

The Linux kernel's md/raid10 driver contains a synchronization bug where NOWAIT I/O requests during array consistency checks cause the nr_pending counter to underflow, leading to deadlock. Normal I/O requests increment nr_pending in wait_barrier() when blocked by an active barrier, and decrement it via allow_barrier() in raid_end_bio_io(). NOWAIT requests return immediately without incrementing nr_pending, but the memory-leak fix in commit 43806c3d5b9b added unconditional allow_barrier() calls that decrement regardless. This imbalance causes nr_pending to become negative, preventing raise_barrier() from completing and stalling the md resync thread indefinitely. The crash output shows nr_pending at -41 with 15 threads waiting, confirming the underflow condition.

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable tree commits for affected versions
  • Monitor md/raid10 arrays for stuck resync operations during I/O workloads
  • Review systems using RAID10 with NOWAIT I/O patterns (databases, high-performance storage)
  • Check kernel logs for md_sync thread stalls and nr_pending underflow indicators
  • Prioritize patching on systems running array consistency checks with concurrent NOWAIT workloads

Evidence notes

The vulnerability description was published by CVE.org on 2026-05-27 and is sourced from the Linux kernel stable tree commits. The issue involves a race condition between raid10_sync_request (array check/resync operations) and raid10_make_request with NOWAIT I/O flags. The root cause is commit 43806c3d5b9b (raid10: cleanup memleak at raid10_make_request) which added raid_end_bio_io() calls that unconditionally decrement nr_pending via allow_barrier(), even when NOWAIT requests bypass the corresponding increment in wait_barrier(). This causes nr_pending to underflow (observed at -41 in crash dumps), preventing the resync thread from completing raise_barrier() and deadlocking the array.

Official resources

2026-05-27