Description
In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: skip reading rdevs that are not in_sync

When reading bitmap pages from member disks, the code iterates through
all rdevs and attempts to read from the first available one. However,
it only checks for raid_disk assignment and Faulty flag, missing the
In_sync flag check.

This can cause bitmap data to be read from spare disks that are still
being rebuilt and don't have valid bitmap information yet. Reading
stale or uninitialized bitmap data from such disks can lead to
incorrect dirty bit tracking, potentially causing data corruption
during recovery or normal operation.

Add the In_sync flag check to ensure bitmap pages are only read from
fully synchronized member disks that have valid bitmap data.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s raid bitmap handling code in the md/md‑llbitmap subsystem contains an out‑of‑bounds read. While reading bitmap pages it iterates over all raid devices but only checks whether a device has a raid_disk assigned and that it is not flagged as faulty. It neglects to verify the In_sync flag. As a result, bitmap data may be read from spare or rebuilding devices that do not yet contain valid bitmap information. These stale or uninitialized bitmap pages are interpreted as dirty‑bit markers, which can corrupt the RAID’s recovery logic or normal read/write operations, leading to loss or corruption of stored data. The flaw is categorized as a Programming Error (CWE‑821) and an Out‑of‑Bounds Read (CWE‑787).

Affected Systems

This vulnerability exists in the generic Linux kernel image and affects any distribution kernel that contains the unpatched md/md‑llbitmap logic. No specific kernel release or version is listed in the data, so any kernel lacking the patched In_sync flag check remains potentially vulnerable. The vulnerability is present wherever the affected subsystem is compiled into the kernel, regardless of distribution.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity impact. The EPSS score of < 1% implies a very low but nonzero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog and no public exploits are known. Based on the description, it is inferred that exploitation would require a local privileged attacker who can influence RAID rebuild activity or trigger a bitmap read while a device is not fully synchronized. Remote exploitation is unlikely because the flaw is exercised only during normal RAID operations. Given the low EPSS value, the risk of exploitation in the wild is low, but the potential impact—data corruption—warrants mitigation.

Generated by OpenCVE AI on June 18, 2026 at 03:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a kernel update that applies the In_sync flag check in the md/md‑llbitmap path.
  • If a kernel upgrade cannot be performed immediately, pause all RAID rebuild operations to ensure all member disks are fully synchronized before the volume is read.
  • Continuously monitor RAID status and bitmap integrity logs to detect unexpected dirty‑bit patterns and verify data consistency during normal operations.

Generated by OpenCVE AI on June 18, 2026 at 03:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 28 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-670

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-670

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not in_sync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raid_disk assignment and Faulty flag, missing the In_sync flag check. This can cause bitmap data to be read from spare disks that are still being rebuilt and don't have valid bitmap information yet. Reading stale or uninitialized bitmap data from such disks can lead to incorrect dirty bit tracking, potentially causing data corruption during recovery or normal operation. Add the In_sync flag check to ensure bitmap pages are only read from fully synchronized member disks that have valid bitmap data.
Title md/md-llbitmap: skip reading rdevs that are not in_sync
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:50:20.949Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46045

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:23.953

Modified: 2026-06-17T10:52:57.453

Link: CVE-2026-46045

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46045 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T04:00:15Z

Weaknesses