CVE-2026-45955

Source
https://cve.org/CVERecord?id=CVE-2026-45955
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45955.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45955
Downstream
Published
2026-05-27T12:18:10.951Z
Modified
2026-07-08T08:09:39.967454940Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout
Details

In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout

When llbitmapsuspendtimeout() times out waiting for percpuref to become zero, it returns -ETIMEDOUT without resurrecting the percpuref. The caller (mdllbitmapdaemonfn) then continues to the next page without calling llbitmapresume(), leaving the percpu_ref in a killed state permanently.

Fix this by resurrecting the percpu_ref before returning the error, ensuring the page control structure remains usable for subsequent operations.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45955.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5ab829f1971dc99f2aac10846c378e67fc875abc
Fixed
095417d6b669c2dec39a5842ccb94df915f97f54
Fixed
2446d099350185caeed19ab2c0270451a97296fb
Fixed
d119bd2e1643cc023210ff3c6f0657e4f914e71d

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45955.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45955.json"