In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix soft lockup in retryalignedread()
When retryalignedread() encounters an overlapped stripe, it releases the stripe via raid5releasestripe() which puts it on the lockless releasedstripes llist. In the next raid5d loop iteration, releasestripelist() drains the stripe onto handlelist (since STRIPEHANDLE is set by the original IO), but retryalignedread() runs before handleactivestripes() and removes the stripe from handlelist via findgetstripe() -> listdelinit(). This prevents handle_stripe() from ever processing the stripe to resolve the overlap, causing an infinite loop and soft lockup.
Fix this by using _releasestripe() with tempinactivelist instead of raid5releasestripe() in the failure path, so the stripe does not go through the releasedstripes llist. This allows raid5d to break out of its loop, and the overlap will be resolved when the stripe is eventually processed by handlestripe().
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46051.json",
"cna_assigner": "Linux"
}