CVE-2026-45955 - Vulnerability Details

- md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout

Description

In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout

When llbitmap_suspend_timeout() times out waiting for percpu_ref to
become zero, it returns -ETIMEDOUT without resurrecting the percpu_ref.
The caller (md_llbitmap_daemon_fn) then continues to the next page
without calling llbitmap_resume(), leaving the percpu_ref in a killed
state permanently.

Fix this by resurrecting the percpu_ref before returning the error,
ensuring the page control structure remains usable for subsequent
operations.

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The bug in the Linux kernel causes a per‑CPU reference counter for page control structures to remain in a killed state when a suspend timeout occurs, because the timeout path returns an error without resurrecting the reference. This leaves the page control structure permanently unusable for future operations, which can prevent later kernel components that depend on that structure from functioning correctly. The result is a loss of kernel functionality that may manifest as failed operations, kernel warnings, or potentially a panic if critical code relies on the structure.

Affected Systems

The vulnerability applies to any Linux kernel that includes the llbitmap module before the patch was applied. No specific version range is listed, so all kernel builds that contain the llbitmap_daemon implementation and the suspend timeout path are potentially affected.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, so there are no published exploits. The attack vector would require interaction with the kernel’s suspend handling path, typically available only to privileged users or system processes. While no active exploits have been reported, repeated triggering of the suspend timeout could degrade kernel stability, so the risk is considered moderate but could lead to denial of service if the bug is exploited or repeatedly triggered.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`5ab829f1971dc99f2aac10846c378e67fc875abc`	affected	< 095417d6b669c2dec39a5842ccb94df915f97f54
`5ab829f1971dc99f2aac10846c378e67fc875abc`	affected	< 2446d099350185caeed19ab2c0270451a97296fb
`5ab829f1971dc99f2aac10846c378e67fc875abc`	affected	< d119bd2e1643cc023210ff3c6f0657e4f914e71d

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5ab829f1971dc99f2aac10846c378e67fc875abc,095417d6b669c2dec39a5842ccb94df915f97f54)`	affected	code_commit	—
`[5ab829f1971dc99f2aac10846c378e67fc875abc,2446d099350185caeed19ab2c0270451a97296fb)`	affected	code_commit	—
`[5ab829f1971dc99f2aac10846c378e67fc875abc,d119bd2e1643cc023210ff3c6f0657e4f914e71d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a Linux kernel version that includes the llbitmap fix for CVE‑2026‑45955.
If a newer kernel is not available, apply the patch from commit 095417d6b669c2dec39a5842ccb94df915f97f54 to the kernel source tree and rebuild the kernel.
If immediate patching is not possible, disable kernel autosuspend for the affected devices to avoid triggering the suspend timeout until a fix is available.

Generated by OpenCVE AI on May 28, 2026 at 01:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/095417d6b669c2dec39a5842ccb94df915f97f54
https://git.kernel.org/stable/c/2446d099350185caeed19ab2c0270451a97296fb
https://git.kernel.org/stable/c/d119bd2e1643cc023210ff3c6f0657e4f914e71d
https://lore.kernel.org/linux-cve-announce/2026052732-CVE-2026-45955-00bf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45955
https://www.cve.org/CVERecord?id=CVE-2026-45955

History

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026052732-CVE-2026-45955-00bf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45955 https://www.cve.org/CVERecord?id=CVE-2026-45955
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 27 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout When llbitmap_suspend_timeout() times out waiting for percpu_ref to become zero, it returns -ETIMEDOUT without resurrecting the percpu_ref. The caller (md_llbitmap_daemon_fn) then continues to the next page without calling llbitmap_resume(), leaving the percpu_ref in a killed state permanently. Fix this by resurrecting the percpu_ref before returning the error, ensuring the page control structure remains usable for subsequent operations.
Title		md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/095417d6b669c2dec39a5842ccb94df915f97f54 https://git.kernel.org/stable/c/2446d099350185caeed19ab2c0270451a97296fb https://git.kernel.org/stable/c/d119bd2e1643cc023210ff3c6f0657e4f914e71d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:18:10.951Z

Updated: 2026-05-27T12:18:10.951Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45955

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:12.050

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45955

Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45955 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T02:00:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object