CVE-2026-46045

Source
https://cve.org/CVERecord?id=CVE-2026-46045
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46045.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46045
Downstream
Related
Published
2026-05-27T12:57:00.839Z
Modified
2026-06-18T03:56:17.120158329Z
Summary
md/md-llbitmap: skip reading rdevs that are not in_sync
Details

In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: skip reading rdevs that are not in_sync

When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk assignment and Faulty flag, missing the Insync flag check.

This can cause bitmap data to be read from spare disks that are still being rebuilt and don't have valid bitmap information yet. Reading stale or uninitialized bitmap data from such disks can lead to incorrect dirty bit tracking, potentially causing data corruption during recovery or normal operation.

Add the In_sync flag check to ensure bitmap pages are only read from fully synchronized member disks that have valid bitmap data.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46045.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5ab829f1971dc99f2aac10846c378e67fc875abc
Fixed
98623c7e2a51eab1833c8628d33fa9c6ef3ce325
Fixed
3115fa2f62970d98f2a639145fb8e2767db8bbf9
Fixed
7701e68b5072faa03a8f30b4081dc16df9092381

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46045.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46045.json"