{"api_version":"1","generated_at":"2026-06-02T10:57:41+00:00","cve":"CVE-2026-46045","urls":{"html":"https://cve.report/CVE-2026-46045","api":"https://cve.report/api/cve/CVE-2026-46045.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46045","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46045"},"summary":{"title":"md/md-llbitmap: skip reading rdevs that are not in_sync","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-llbitmap: skip reading rdevs that are not in_sync\n\nWhen reading bitmap pages from member disks, the code iterates through\nall rdevs and attempts to read from the first available one. However,\nit only checks for raid_disk assignment and Faulty flag, missing the\nIn_sync flag check.\n\nThis can cause bitmap data to be read from spare disks that are still\nbeing rebuilt and don't have valid bitmap information yet. Reading\nstale or uninitialized bitmap data from such disks can lead to\nincorrect dirty bit tracking, potentially causing data corruption\nduring recovery or normal operation.\n\nAdd the In_sync flag check to ensure bitmap pages are only read from\nfully synchronized member disks that have valid bitmap data.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-27 14:17:23","updated_at":"2026-05-27 14:48:03"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/98623c7e2a51eab1833c8628d33fa9c6ef3ce325","name":"https://git.kernel.org/stable/c/98623c7e2a51eab1833c8628d33fa9c6ef3ce325","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3115fa2f62970d98f2a639145fb8e2767db8bbf9","name":"https://git.kernel.org/stable/c/3115fa2f62970d98f2a639145fb8e2767db8bbf9","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7701e68b5072faa03a8f30b4081dc16df9092381","name":"https://git.kernel.org/stable/c/7701e68b5072faa03a8f30b4081dc16df9092381","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46045","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46045","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5ab829f1971dc99f2aac10846c378e67fc875abc 98623c7e2a51eab1833c8628d33fa9c6ef3ce325 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5ab829f1971dc99f2aac10846c378e67fc875abc 3115fa2f62970d98f2a639145fb8e2767db8bbf9 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5ab829f1971dc99f2aac10846c378e67fc875abc 7701e68b5072faa03a8f30b4081dc16df9092381 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.18","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.27 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.4 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1-rc1 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"46045","cve":"CVE-2026-46045","epss":"0.000170000","percentile":"0.042650000","score_date":"2026-06-01","updated_at":"2026-06-02 00:05:21"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/md/md-llbitmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"98623c7e2a51eab1833c8628d33fa9c6ef3ce325","status":"affected","version":"5ab829f1971dc99f2aac10846c378e67fc875abc","versionType":"git"},{"lessThan":"3115fa2f62970d98f2a639145fb8e2767db8bbf9","status":"affected","version":"5ab829f1971dc99f2aac10846c378e67fc875abc","versionType":"git"},{"lessThan":"7701e68b5072faa03a8f30b4081dc16df9092381","status":"affected","version":"5ab829f1971dc99f2aac10846c378e67fc875abc","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/md/md-llbitmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.18"},{"lessThan":"6.18","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.27","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1-rc1","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.27","versionStartIncluding":"6.18","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.4","versionStartIncluding":"6.18","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1-rc1","versionStartIncluding":"6.18","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-llbitmap: skip reading rdevs that are not in_sync\n\nWhen reading bitmap pages from member disks, the code iterates through\nall rdevs and attempts to read from the first available one. However,\nit only checks for raid_disk assignment and Faulty flag, missing the\nIn_sync flag check.\n\nThis can cause bitmap data to be read from spare disks that are still\nbeing rebuilt and don't have valid bitmap information yet. Reading\nstale or uninitialized bitmap data from such disks can lead to\nincorrect dirty bit tracking, potentially causing data corruption\nduring recovery or normal operation.\n\nAdd the In_sync flag check to ensure bitmap pages are only read from\nfully synchronized member disks that have valid bitmap data."}],"providerMetadata":{"dateUpdated":"2026-05-27T12:57:00.839Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/98623c7e2a51eab1833c8628d33fa9c6ef3ce325"},{"url":"https://git.kernel.org/stable/c/3115fa2f62970d98f2a639145fb8e2767db8bbf9"},{"url":"https://git.kernel.org/stable/c/7701e68b5072faa03a8f30b4081dc16df9092381"}],"title":"md/md-llbitmap: skip reading rdevs that are not in_sync","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-46045","datePublished":"2026-05-27T12:57:00.839Z","dateReserved":"2026-05-13T15:03:33.094Z","dateUpdated":"2026-05-27T12:57:00.839Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:17:23","lastModifiedDate":"2026-05-27 14:48:03","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46045","Ordinal":"1","Title":"md/md-llbitmap: skip reading rdevs that are not in_sync","CVE":"CVE-2026-46045","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46045","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-llbitmap: skip reading rdevs that are not in_sync\n\nWhen reading bitmap pages from member disks, the code iterates through\nall rdevs and attempts to read from the first available one. However,\nit only checks for raid_disk assignment and Faulty flag, missing the\nIn_sync flag check.\n\nThis can cause bitmap data to be read from spare disks that are still\nbeing rebuilt and don't have valid bitmap information yet. Reading\nstale or uninitialized bitmap data from such disks can lead to\nincorrect dirty bit tracking, potentially causing data corruption\nduring recovery or normal operation.\n\nAdd the In_sync flag check to ensure bitmap pages are only read from\nfully synchronized member disks that have valid bitmap data.","Type":"Description","Title":"md/md-llbitmap: skip reading rdevs that are not in_sync"}]}}}