SB2026052839 - Improper access control in Linux kernel md driver




Published: May 28, 2026

Security Bulletin ID: SB2026052839
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper access control (CVE-ID: CVE-2026-46045)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause data corruption.

The vulnerability exists due to improper access control in md-llbitmap when reading bitmap pages from member disks. A local user can cause the system to read bitmap data from a spare disk that is still being rebuilt, resulting in data corruption.

The issue occurs because disks that are not fully synchronized may be treated as valid bitmap sources.


Remediation

Install the update from the vendor's website.