In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix leak of 'r10bio->remaining' for recovery
raid10syncrequest() will add 'r10bio->remaining' for both rdev and replacement rdev. However, if the read io fails, recoveryrequestwrite() returns without issuing the write io, in this case, endsyncrequest() is only called once and 'remaining' is leaked, cause an io hang.
Fix the problem by decreasing 'remaining' according to if 'bio' and 'repl_bio' is valid.