SB2026052839 - Improper access control in Linux kernel md driver
Published: May 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper access control (CVE-ID: CVE-2026-46045)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause data corruption.
The vulnerability exists due to improper access control in md-llbitmap when reading bitmap pages from member disks. A local user can cause the system to read bitmap data from a spare disk that is still being rebuilt to cause data corruption.
The issue occurs because disks that are not fully synchronized may be treated as valid bitmap sources.
Remediation
Install update from vendor's website.