CVE-2026-45955
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout
When llbitmap_suspend_timeout() times out waiting for percpu_ref to become zero, it returns -ETIMEDOUT without resurrecting the percpu_ref. The caller (md_llbitmap_daemon_fn) then continues to the next page without calling llbitmap_resume(), leaving the percpu_ref in a killed state permanently.
Fix this by resurrecting the percpu_ref before returning the error, ensuring the page control structure remains usable for subsequent operations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5ab829f1971dc99f2aac10846c378e67fc875abc < 095417d6b669c2dec39a5842ccb94df915f97f54 | affected |
| Linux | Linux | 5ab829f1971dc99f2aac10846c378e67fc875abc < 2446d099350185caeed19ab2c0270451a97296fb | affected |
| Linux | Linux | 5ab829f1971dc99f2aac10846c378e67fc875abc < d119bd2e1643cc023210ff3c6f0657e4f914e71d | affected |
| Linux | Linux | 6.18 | affected |
| Linux | Linux | 0 < 6.18 | unaffected |
| Linux | Linux | 6.18.14 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.4 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/095417d6b669c2dec39a5842ccb94df915f97f54
- https://git.kernel.org/stable/c/2446d099350185caeed19ab2c0270451a97296fb
- https://git.kernel.org/stable/c/d119bd2e1643cc023210ff3c6f0657e4f914e71d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.