Improper access control in Linux kernel - CVE-2026-46045

 


Published: May 28, 2026


Vulnerability identifier: #VU132453
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46045
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause data corruption.

The vulnerability exists due to improper access control in md-llbitmap when reading bitmap pages from member disks. A local user can cause the system to read bitmap data from a spare disk that is still being rebuilt, resulting in data corruption.

The issue occurs because disks that are not fully synchronized may be treated as valid bitmap sources.


How to mitigate CVE-2026-46045

Install the security update from the vendor's repository.
