CVE-2026-23356

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A logic error exists in the drbd al begin io nonblock() function within the Linux kernel’s DRBD module. The issue arises from a potential failure in lc get cumulative() while holding the device->al lock spinlock, due to timing issues with lc try lock(). This can lead to a situation where the system incorrectly assumes request references for activity log extents. The implications include a lack of guaranteed mutual exclusivity between resync operations and application I/O, potentially causing a kernel crash. Additionally, the code may release activity log references it does not hold, triggering a bug check in lc put(). The fix involves handling the possibility of lc get cumulative() failing and returning an error code from drbd al begin io nonblock(), allowing subsequent calls to resume from the point of interruption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.