Bug 2383481 (CVE-2025-38451) - CVE-2025-38451 kernel: md/md-bitmap: fix GPF in bitmap_get_stats()
Summary: CVE-2025-38451 kernel: md/md-bitmap: fix GPF in bitmap_get_stats()
Keywords:
Status: NEW
Alias: CVE-2025-38451
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-07-25 16:01 UTC by OSIDB Bzimport
Modified: 2025-07-25 17:33 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-07-25 16:01:37 UTC 
In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix GPF in bitmap_get_stats()

The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats
collection for external bitmaps") states:

    Remove the external bitmap check as the statistics should be
    available regardless of bitmap storage location.

    Return -EINVAL only for invalid bitmap with no storage (neither in
    superblock nor in external file).

But, the code does not adhere to the above, as it does only check for
a valid super-block for "internal" bitmaps. Hence, we observe:

Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028
RIP: 0010:bitmap_get_stats+0x45/0xd0
Call Trace:

 seq_read_iter+0x2b9/0x46a
 seq_read+0x12f/0x180
 proc_reg_read+0x57/0xb0
 vfs_read+0xf6/0x380
 ksys_read+0x6d/0xf0
 do_syscall_64+0x8c/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

We fix this by checking the existence of a super-block for both the
internal and external case.
Comment 1 Jon Moroney 2025-07-25 17:31:50 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38451-ee66@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.