CVE-2025-38451
Published: 2025-07-25
Severity: medium, 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix GPF in bitmap_get_stats()

The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats
collection for external bitmaps") states:

    Remove the external bitmap check as the statistics should be
    available regardless of bitmap storage location.

    Return -EINVAL only for invalid bitmap with no storage (neither in
    superblock nor in external file).

But, the code does not adhere to the above, as it does only check for
a valid super-block for "internal" bitmaps. Hence, we observe:

    Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028
    RIP: 0010:bitmap_get_stats+0x45/0xd0
    Call Trace:
     seq_read_iter+0x2b9/0x46a
     seq_read+0x12f/0x180
     proc_reg_read+0x57/0xb0
     vfs_read+0xf6/0x380
     ksys_read+0x6d/0xf0
     do_syscall_64+0x8c/0x1b0
     entry_SYSCALL_64_after_hwframe+0x76/0x7e

We fix this by checking the existence of a super-block for both the
internal and external case.

Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | >= 065f4b1cd41d03702426af44193894b925607073 < a23b16ba3274961494f5ad236345d238364349ff | a23b16ba3274961494f5ad236345d238364349ff |
| linux | linux | >= 0b5390aeaa85eb2f15e0e2ea0731c0995285db5e < 3d82a729530bd2110ba66e4a1f73461c776edec2 | 3d82a729530bd2110ba66e4a1f73461c776edec2 |
| linux | linux | >= 6.1.135 < 6.1.146 | 6.1.146 |
| linux | linux | >= 6.12.25 < 6.12.39 | 6.12.39 |
| linux | linux | >= 6.14.4 < 6.15 | 6.15 |
| linux | linux | >= 6.6.88 < 6.6.99 | 6.6.99 |
| linux | linux | >= 6ec1f0239485028445d213d91cfee5242f3211ba < a18f9b08c70e10ea3a897058fee8a4f3b4c146ec | a18f9b08c70e10ea3a897058fee8a4f3b4c146ec |
| linux | linux | >= 6ec1f0239485028445d213d91cfee5242f3211ba < c17fb542dbd1db745c9feac15617056506dd7195 | c17fb542dbd1db745c9feac15617056506dd7195 |
| linux | linux | >= eeeba7f43ae27835718a5f5ad6552a8983e75201 < 3e0542701b37aa25b025d8531583458e4f014c2e | 3e0542701b37aa25b025d8531583458e4f014c2e |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 6.1.135 < 6.1.146 | 6.1.146 |
| linux | linux_kernel | >= 6.12.25 < 6.12.39 | 6.12.39 |
| linux | linux_kernel | >= 6.14.4 < 6.15 | 6.15 |
| linux | linux_kernel | >= 6.15.1 < 6.15.7 | 6.15.7 |
| linux | linux_kernel | >= 6.6.88 < 6.6.99 | 6.6.99 |
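
For triage, the upstream version ranges in the table above can be checked against a kernel release string. The following is an added example, not part of the original record; the function names are hypothetical, and it assumes the release string carries the upstream stable version (distribution kernels such as the Debian rows are tracked by package version and may carry backported fixes, so check those against the package changelog instead).

```python
import re

# Upstream version ranges copied from the "Affected" table above:
# (first affected release, first fixed release).
AFFECTED_RANGES = [
    ("6.1.135", "6.1.146"),
    ("6.6.88", "6.6.99"),
    ("6.12.25", "6.12.39"),
    ("6.14.4", "6.15"),
    ("6.15.1", "6.15.7"),
]


def parse_release(release):
    """Turn a release string such as '6.12.30-generic' into (6, 12, 30)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level ("6.15") is treated as .0
    return tuple(int(g) if g else 0 for g in m.groups())


def matching_range(release):
    """Return the (introduced, fixed) pair covering release, or None."""
    version = parse_release(release)
    for introduced, fixed in AFFECTED_RANGES:
        if parse_release(introduced) <= version < parse_release(fixed):
            return introduced, fixed
    return None


if __name__ == "__main__":
    import platform

    rel = platform.release()  # same string as `uname -r`
    hit = matching_range(rel)
    if hit:
        print(f"{rel}: inside affected range >= {hit[0]} < {hit[1]}")
    else:
        print(f"{rel}: not inside any listed upstream range")
```
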
CVSS provenance
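| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 5.5 | MEDIUM | — |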