Skip to main content

Linux Kernel EUVDEUVD-2026-32478

| CVE-2026-46095 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-qghx-f73p-v22r
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only vector with low-privilege trigger; pure availability impact from RAID subsystem crash; no confidentiality or integrity consequence per description.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:36 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: raise barrier before state machine transition

Move the barrier raise operation before calling llbitmap_state_machine() in both llbitmap_start_write() and llbitmap_start_discard(). This ensures the barrier is in place before any state transitions occur, preventing potential race conditions where the state machine could complete before the barrier is properly raised.

AnalysisAI

Race condition in the Linux kernel's md/md-llbitmap subsystem can cause availability loss on systems using software RAID with bitmap tracking. The barrier raise in llbitmap_start_write() and llbitmap_start_discard() occurs after the state machine transition is initiated, creating a window where concurrent state changes proceed without synchronization - potentially crashing the RAID subsystem or rendering an md array unavailable. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation risk. Patches are available across multiple stable kernel branches.

Technical ContextAI

The Linux kernel's md (Multiple Devices) subsystem provides software RAID functionality. Within it, llbitmap implements a lazy/write-intent bitmap used to track which regions of a RAID array are synchronized - critical for crash recovery and resync operations. llbitmap_start_write() and llbitmap_start_discard() are entry points for initiating write and discard operations on the RAID. Both functions call llbitmap_state_machine() to manage transitions between bitmap states, but the barrier - which serializes access to prevent concurrent modification - was being raised after the state machine was already invoked. This ordering error is a classic TOCTOU-adjacent race: if another thread or interrupt triggers a competing state transition in the gap before the barrier is raised, the bitmap state can become inconsistent, leading to kernel panic or md array failure. The CPE (cpe:2.3:o:linux:linux_kernel:*) confirms this affects the Linux kernel broadly, with the affected commit range starting from 5ab829f1971dc99f2aac10846c878e67fc875abc. No CWE was assigned, but the root cause class is CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization).

RemediationAI

Upgrade to a patched kernel version: Linux 7.0.4, 6.18.27, or 7.1-rc1 as reported by EUVD, corresponding to upstream stable fix commits at https://git.kernel.org/stable/c/9142f00a9287ca38152717e3e88a033a27774e7f and the two additional stable backports. Distribution-packaged kernels (RHEL, Debian, Ubuntu, SUSE) should be monitored for backport availability. As a compensating control where patching is not immediately feasible, restricting local user access on systems running md RAID arrays reduces the attack surface - this specifically means limiting who can trigger write or discard I/O to md devices, for example via filesystem access controls or by running the RAID array under a dedicated service account. Note: disabling md-llbitmap entirely removes bitmap-based resync optimization but eliminates the vulnerable code path; however, this trade-off means longer RAID resync times after unclean shutdowns. No workaround eliminates the race without patching or feature disablement.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32478 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy