CVE Catalog

CVE-2026-46327

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the device mapper block device manager. The dm_blk_report_zones function checked if the device is suspended without holding any locks, leading to a race condition where the device could be suspended right after the check. The fix moves the dm_suspended_md call after acquiring the dm_get_live_table lock.

Risk Assessment

An attacker could exploit this race condition to access the device while it is being suspended, potentially causing data integrity issues or unexpected system behavior.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit in the stable branch). Monitor official security advisories from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just after it. Move the call to dm_suspended_md after dm_get_live_table, so that the device can't be suspended after the suspended state was tested.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS