CVE-2026-45955 Linux CVE debrief

Who should care

Organizations running Linux systems with software RAID (md) configurations using bitmap functionality, particularly those with large RAID arrays where resync operations may experience timeouts. Cloud providers and hosting services utilizing md-raid for storage redundancy should prioritize kernel updates.

Technical summary

The md/md-llbitmap (linked list bitmap) subsystem in the Linux kernel manages bitmap pages for software RAID (md) devices. The llbitmap_suspend_timeout() function waits for a percpu_ref reference count to reach zero before proceeding. If this wait times out, the function previously returned -ETIMEDOUT without calling percpu_ref_resurrect(), leaving the reference in PERCPU_REF_DEAD state. The caller md_llbitmap_daemon_fn() would then continue to the next page without calling llbitmap_resume(), permanently corrupting the page control structure's state. The fix adds percpu_ref_resurrect() before returning the error code, ensuring the structure remains valid for subsequent operations.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the fix commits when available from your Linux distribution
• Monitor vendor security advisories for patched kernel versions
• If running software RAID (md) with bitmap functionality, prioritize kernel updates on systems where RAID resync operations may be interrupted
• Review system logs for -ETIMEDOUT errors from md_llbitmap_daemon_fn as potential indicators of this condition

Evidence notes

Vulnerability description sourced from NVD record published 2026-05-27. Fix commits identified in kernel.org stable tree. No CVSS score or severity assigned by NVD at time of disclosure.

Official resources