CVE-2025-38451

md/md-bitmap: fix GPF in bitmap_get_stats()

Description

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file). But, the code does not adhere to the above, as it does only check for a valid super-block for "internal" bitmaps. Hence, we observe: Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028 RIP: 0010:bitmap_get_stats+0x45/0xd0 Call Trace: seq_read_iter+0x2b9/0x46a seq_read+0x12f/0x180 proc_reg_read+0x57/0xb0 vfs_read+0xf6/0x380 ksys_read+0x6d/0xf0 do_syscall_64+0x8c/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e We fix this by checking the existence of a super-block for both the internal and external case.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a23b16ba3274961494f5ad236345d238364349ff
https://git.kernel.org/stable/c/3d82a729530bd2110ba66e4a1f73461c776edec2
https://git.kernel.org/stable/c/3e0542701b37aa25b025d8531583458e4f014c2e
https://git.kernel.org/stable/c/a18f9b08c70e10ea3a897058fee8a4f3b4c146ec
https://git.kernel.org/stable/c/c17fb542dbd1db745c9feac15617056506dd7195

Frequently Asked Questions

What is the severity of CVE-2025-38451?
CVE-2025-38451 has not yet been assigned a CVSS score.
How to fix CVE-2025-38451?
To fix CVE-2025-38451, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38451 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38451 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38451?
CVE-2025-38451 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.