CVE-2026-53123
In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5_make_request() waiting for reshape progress while still holding an active_io reference. If userspace then freezes reshape and writes md/suspend_lo or md/suspend_hi, mddev_suspend() kills active_io and waits for all in-flight IO to drain. This can deadlock: the IO needs reshape progress to continue, but the reshape thread is already frozen, so the active_io reference is never dropped and suspend never completes. raid5_prepare_suspend() already wakes wait_for_reshape for dm-raid. Do the same for normal md suspend when reshape is already interrupted, so waiting raid456 IO can abort, drop its reference, and let suspend finish. The mdadm test tests/25raid456-reshape-deadlock reproduces the hang.
Affected versions
Linux kernel versions
6.7
and later are affected. Fixed in
6.12.91,
6.18.33,
7.0.10,
7.1
and their respective stable series.
References
4 totalFrequently asked questions
-
What is CVE-2026-53123?
CVE-2026-53123 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.7 onward and has been patched in 6.12.91, 6.18.33, 7.0.10 and others. CVE-2026-53123 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53123?
Yes — CVE-2026-53123 has been patched. Fixed versions include 6.12.91, 6.18.33, 7.0.10 and others. If you are running Linux kernel 6.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53123 actively exploited?
No — CVE-2026-53123 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.