{"id":"CVE-2026-46045","summary":"md/md-llbitmap: skip reading rdevs that are not in_sync","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-llbitmap: skip reading rdevs that are not in_sync\n\nWhen reading bitmap pages from member disks, the code iterates through\nall rdevs and attempts to read from the first available one. However,\nit only checks for raid_disk assignment and Faulty flag, missing the\nIn_sync flag check.\n\nThis can cause bitmap data to be read from spare disks that are still\nbeing rebuilt and don't have valid bitmap information yet. Reading\nstale or uninitialized bitmap data from such disks can lead to\nincorrect dirty bit tracking, potentially causing data corruption\nduring recovery or normal operation.\n\nAdd the In_sync flag check to ensure bitmap pages are only read from\nfully synchronized member disks that have valid bitmap data.","modified":"2026-06-18T03:56:17.120158329Z","published":"2026-05-27T12:57:00.839Z","related":["openSUSE-SU-2026:10954-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46045.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3115fa2f62970d98f2a639145fb8e2767db8bbf9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7701e68b5072faa03a8f30b4081dc16df9092381"},{"type":"WEB","url":"https://git.kernel.org/stable/c/98623c7e2a51eab1833c8628d33fa9c6ef3ce325"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46045.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46045"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5ab829f1971dc99f2aac10846c378e67fc875abc"},{"fixed":"98623c7e2a51eab1833c8628d33fa9c6ef3ce325"},{"fixed":"3115fa2f62970d98f2a639145fb8e2767db8bbf9"},{"fixed":"7701e68b5072faa03a8f30b4081dc16df9092381"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46045.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46045.json"}}],"schema_version":"1.7.5"}