CVE-2026-43314

Source
https://cve.org/CVERecord?id=CVE-2026-43314
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43314.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43314
Published
2026-05-08T13:11:31.068Z
Modified
2026-06-18T03:57:09.985249812Z
Summary
dm: remove fake timeout to avoid leak request
Details

In the Linux kernel, the following vulnerability has been resolved:

dm: remove fake timeout to avoid leak request

Since commit 15f73f5b3e59 ("blk-mq: move failure injection out of blk_mq_complete_request"), drivers are responsible for calling blk_should_fake_timeout() at appropriate code paths and opportunities.

However, the dm driver does not implement its own timeout handler and relies on the timeout handling of its slave devices.

If an io-timeout-fail error is injected to a dm device, the request will be leaked and never completed, causing tasks to hang indefinitely.

Reproduce:
1. prepare dm which has iscsi slave device
2. inject io-timeout-fail to dm
   echo 1 >/sys/class/block/dm-0/io-timeout-fail
   echo 100 >/sys/kernel/debug/fail_io_timeout/probability
   echo 10 >/sys/kernel/debug/fail_io_timeout/times
3. read/write dm
4. iscsiadm -m node -u

Result: hang task like below
[ 862.243768] INFO: task kworker/u514:2:151 blocked for more than 122 seconds.
[ 862.244133] Tainted: G E 6.19.0-rc1+ #51
[ 862.244337] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 862.244718] task:kworker/u514:2 state:D stack:0 pid:151 tgid:151 ppid:2 task_flags:0x4288060 flags:0x00080000
[ 862.245024] Workqueue: iscsi_ctrl_3:1 __iscsi_unbind_session [scsi_transport_iscsi]
[ 862.245264] Call Trace:
[ 862.245587] <TASK>
[ 862.245814] __schedule+0x810/0x15c0
[ 862.246557] schedule+0x69/0x180
[ 862.246760] blk_mq_freeze_queue_wait+0xde/0x120
[ 862.247688] elevator_change+0x16d/0x460
[ 862.247893] elevator_set_none+0x87/0xf0
[ 862.248798] blk_unregister_queue+0x12e/0x2a0
[ 862.248995] __del_gendisk+0x231/0x7e0
[ 862.250143] del_gendisk+0x12f/0x1d0
[ 862.250339] sd_remove+0x85/0x130 [sd_mod]
[ 862.250650] device_release_driver_internal+0x36d/0x530
[ 862.250849] bus_remove_device+0x1dd/0x3f0
[ 862.251042] device_del+0x38a/0x930
[ 862.252095] __scsi_remove_device+0x293/0x360
[ 862.252291] scsi_remove_target+0x486/0x760
[ 862.252654] __iscsi_unbind_session+0x18a/0x3e0 [scsi_transport_iscsi]
[ 862.252886] process_one_work+0x633/0xe50
[ 862.253101] worker_thread+0x6df/0xf10
[ 862.253647] kthread+0x36d/0x720
[ 862.254533] ret_from_fork+0x2a6/0x470
[ 862.255852] ret_from_fork_asm+0x1a/0x30
[ 862.256037] </TASK>

Remove the blk_should_fake_timeout() check from dm, as dm has no native timeout handling and should not attempt to fake timeouts.
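
The leak described above, as an added example that is not taken from the kernel source or from this record: a simplified userspace model in C showing why skipping a completion is only safe when the driver has a timeout handler to reclaim the request. All model_* names and the struct are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model with hypothetical names; not kernel code. */
struct model_queue {
    int  in_flight;            /* requests started but not yet completed */
    bool inject_armed;         /* models io-timeout-fail being enabled */
    bool has_timeout_handler;  /* driver can reclaim a timed-out request */
    bool checks_injector;      /* completion path consults the injector */
};

static void model_start(struct model_queue *q) { q->in_flight++; }

/* Completion path: a driver that consults the injector drops the completion
 * on purpose and expects its own timeout handler to finish the request. */
static void model_complete(struct model_queue *q)
{
    if (q->checks_injector && q->inject_armed)
        return;                /* completion skipped: "fake" timeout */
    q->in_flight--;
}

/* Timer expiry: only a driver with a timeout handler reclaims the request. */
static void model_timer_expired(struct model_queue *q)
{
    if (q->has_timeout_handler && q->in_flight > 0)
        q->in_flight--;
}

/* Pushes one request through a queue with injection armed and returns how
 * many requests are still outstanding after completion and timer expiry. */
static int model_run(bool has_handler, bool checks_injector)
{
    struct model_queue q = { 0, true, has_handler, checks_injector };
    model_start(&q);
    model_complete(&q);
    model_timer_expired(&q);
    return q.in_flight;
}

/* Anything that waits for outstanding requests to drain blocks forever
 * while a request is leaked. */
static bool model_drain_would_hang(int leaked) { return leaked != 0; }

int main(void)
{
    printf("driver with timeout handler: leaked=%d\n", model_run(true, true));
    printf("dm-like, injector checked:   leaked=%d\n", model_run(false, true));
    printf("dm-like, check removed:      leaked=%d\n", model_run(false, false));
    return model_drain_would_hang(model_run(false, false));
}
```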

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43314.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e6ee8c0b767540f59e20da3ced282601db8aa502
Fixed
ece6720de9403260088209b0b92d45e0b49ff856
Fixed
8200fca818c1e2f65bc6cb16d934ff6049302197
Fixed
b307b6307f6459841312432bd4bc9519cbac97f5
Fixed
4f9e7ca933a9fbf9912a384b061a00c77332cbf0
Fixed
cf2d06c9fd4b6521ea5b7f73c99c64c2c6f5e224
Fixed
6cdb21e0c9fdee484feba14fc9e72e9d07daf9f3
Fixed
c8a23d4c995ef4227bd4de64cd3910637ee6162e
Fixed
f3a9c95a15d2f4466acad5c68faeff79ca5e9f47

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43314.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  2.6.31      5.10.252
ECOSYSTEM  5.11.0      5.15.202
ECOSYSTEM  5.16.0      6.1.165
ECOSYSTEM  6.2.0       6.6.128
ECOSYSTEM  6.7.0       6.12.75
ECOSYSTEM  6.13.0      6.18.16
ECOSYSTEM  6.19.0      6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43314.json"