Detections
Analytics

CVE-2025-38451

medium

Description

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file). But, the code does not adhere to the above, as it does only check for a valid super-block for "internal" bitmaps. Hence, we observe: Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028 RIP: 0010:bitmap_get_stats+0x45/0xd0 Call Trace: seq_read_iter+0x2b9/0x46a seq_read+0x12f/0x180 proc_reg_read+0x57/0xb0 vfs_read+0xf6/0x380 ksys_read+0x6d/0xf0 do_syscall_64+0x8c/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e We fix this by checking the existence of a super-block for both the internal and external case.

References

https://git.kernel.org/stable/c/c17fb542dbd1db745c9feac15617056506dd7195

https://git.kernel.org/stable/c/a23b16ba3274961494f5ad236345d238364349ff

https://git.kernel.org/stable/c/a18f9b08c70e10ea3a897058fee8a4f3b4c146ec

https://git.kernel.org/stable/c/3e0542701b37aa25b025d8531583458e4f014c2e

https://git.kernel.org/stable/c/3d82a729530bd2110ba66e4a1f73461c776edec2

Details

Source: Mitre, NVD

Published: 2025-07-25

Updated: 2025-07-29

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018