Description
In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: skip reading rdevs that are not in_sync

When reading bitmap pages from member disks, the code iterates through
all rdevs and attempts to read from the first available one. However,
it only checks for raid_disk assignment and Faulty flag, missing the
In_sync flag check.

This can cause bitmap data to be read from spare disks that are still
being rebuilt and don't have valid bitmap information yet. Reading
stale or uninitialized bitmap data from such disks can lead to
incorrect dirty bit tracking, potentially causing data corruption
during recovery or normal operation.

Add the In_sync flag check to ensure bitmap pages are only read from
fully synchronized member disks that have valid bitmap data.
Published: 2026-05-27
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s raid bitmap handler reads bitmap pages from member disks without verifying that a disk is fully synchronized. Because the code only checks for raid_disk assignment and the Faulty flag, it can inadvertently read from spare disks that are still being rebuilt and do not contain valid bitmap data. This stale or uninitialized data is interpreted as dirty‑bit markers, which can corrupt the recovery logic and lead to loss or corruption of stored data. The flaw maps to a Programming Error (CWE‑821).
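The missing check described above, modelled in user space as an added example; this is not the kernel's code or the upstream patch. Only `raid_disk`, `Faulty` and `In_sync` come from the description; the struct, the function names and the sample array are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model: constructed types, not the kernel's definitions. */
enum { FAULTY = 1u << 0, IN_SYNC = 1u << 1 };

struct member {
    const char *name;
    int raid_disk;        /* slot in the array, -1 if unassigned */
    unsigned flags;
    unsigned char bitmap; /* stand-in for one on-disk bitmap page */
};

/* Flawed selection as described: slot and Faulty checked, In_sync not. */
static int usable_before(const struct member *m)
{
    return m->raid_disk >= 0 && !(m->flags & FAULTY);
}

/* Selection as described for the fix: additionally require In_sync. */
static int usable_after(const struct member *m)
{
    return usable_before(m) && (m->flags & IN_SYNC) != 0;
}

/* Return the first member the predicate accepts, or NULL if none qualifies. */
static const struct member *pick_source(const struct member *v, size_t n,
                                        int (*usable)(const struct member *))
{
    for (size_t i = 0; i < n; i++)
        if (usable(&v[i]))
            return &v[i];
    return NULL;
}

/* Constructed array state: sdb is a spare mid-rebuild with a stale page. */
static const struct member sample[] = {
    { "sda",  0, FAULTY,  0x0f },
    { "sdb",  1, 0,       0xff }, /* assigned to a slot, not yet In_sync */
    { "sdc",  2, IN_SYNC, 0x0f },
    { "sdd", -1, 0,       0x00 }, /* unassigned spare */
};
#define SAMPLE_N (sizeof(sample) / sizeof(sample[0]))

int main(void)
{
    printf("before: %s\n", pick_source(sample, SAMPLE_N, usable_before)->name);
    printf("after:  %s\n", pick_source(sample, SAMPLE_N, usable_after)->name);
    return 0;
}
```

When no member is In_sync, the stricter predicate returns no source at all, so a caller of this model has to handle `NULL` rather than fall back to a rebuilding disk.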

Affected Systems

The vulnerability exists in the generic Linux kernel image and applies to any kernel that contains the unpatched bitmap‑reading logic in the md/md‑llbitmap subsystem. No specific kernel release or version is listed, so any distribution kernel that has not yet applied the change that adds an In_sync flag check remains potentially vulnerable.

Risk and Exploitability

The CVSS score is 7.0, indicating a high severity impact. The EPSS score is not available, but the available data suggest that the vulnerability’s exploitation requires a local privileged attacker who can influence the raid rebuild state or trigger a bitmap read while a disk is unsynchronized. Remote exploitation is unlikely because the flaw is exercised only during normal raid operations. The vulnerability is not listed in the CISA KEV catalog and no public exploit is currently known, so the likelihood of exploitation in the wild is moderate but not negligible.

Generated by OpenCVE AI on May 28, 2026 at 04:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a kernel update that incorporates the In_sync flag check in the md/md-llbitmap path.
  • If an immediate kernel upgrade is not possible, pause all raid rebuild activity, ensuring that all member disks are fully synchronized before performing read operations on the volume.
  • Continuously monitor RAID status logs and validate bitmap integrity during normal operations to detect and correct any unintended corruption.



Advisories

No advisories yet.

History

Thu, 28 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-670

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-670

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not in_sync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raid_disk assignment and Faulty flag, missing the In_sync flag check. This can cause bitmap data to be read from spare disks that are still being rebuilt and don't have valid bitmap information yet. Reading stale or uninitialized bitmap data from such disks can lead to incorrect dirty bit tracking, potentially causing data corruption during recovery or normal operation. Add the In_sync flag check to ensure bitmap pages are only read from fully synchronized member disks that have valid bitmap data.
Title md/md-llbitmap: skip reading rdevs that are not in_sync
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:57:00.839Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46045

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:23.953

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46045

Redhat

Severity: Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46045 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T04:45:07Z

Weaknesses