CVE-2025-38451

EUVD-2025-22690
In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix GPF in bitmap_get_stats()

The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats
collection for external bitmaps") states:

    Remove the external bitmap check as the statistics should be
    available regardless of bitmap storage location.

    Return -EINVAL only for invalid bitmap with no storage (neither in
    superblock nor in external file).

But, the code does not adhere to the above, as it does only check for
a valid super-block for "internal" bitmaps. Hence, we observe:

Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028
RIP: 0010:bitmap_get_stats+0x45/0xd0
Call Trace:

 seq_read_iter+0x2b9/0x46a
 seq_read+0x12f/0x180
 proc_reg_read+0x57/0xb0
 vfs_read+0xf6/0x380
 ksys_read+0x6d/0xf0
 do_syscall_64+0x8c/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

We fix this by checking the existence of a super-block for both the
internal and external case.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.1.135 ≤
𝑥
< 6.1.146
linuxlinux_kernel
6.6.88 ≤
𝑥
< 6.6.99
linuxlinux_kernel
6.12.25 ≤
𝑥
< 6.12.39
linuxlinux_kernel
6.14.4 ≤
𝑥
< 6.15
linuxlinux_kernel
6.15.1 ≤
𝑥
< 6.15.7
linuxlinux_kernel
6.15
linuxlinux_kernel
6.15:rc3
linuxlinux_kernel
6.15:rc4
linuxlinux_kernel
6.15:rc5
linuxlinux_kernel
6.15:rc6
linuxlinux_kernel
6.15:rc7
linuxlinux_kernel
6.16:rc1
linuxlinux_kernel
6.16:rc2
linuxlinux_kernel
6.16:rc3
linuxlinux_kernel
6.16:rc4
linuxlinux_kernel
6.16:rc5
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.162-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
linux-6.1
bullseye (security)
6.1.162-1~deb11u1
fixed
References
https://git.kernel.org/stable/c/3d82a729530bd2110ba66e4a1f73461c776edec2
https://git.kernel.org/stable/c/3e0542701b37aa25b025d8531583458e4f014c2e
https://git.kernel.org/stable/c/a18f9b08c70e10ea3a897058fee8a4f3b4c146ec
https://git.kernel.org/stable/c/a23b16ba3274961494f5ad236345d238364349ff
https://git.kernel.org/stable/c/c17fb542dbd1db745c9feac15617056506dd7195
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html