In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in mdbitmapgetcounter If we write a large number to md/bitmapsetbits, mdbitmapcheckpage() will return -EINVAL because 'page >= bitmap->pages', but the return value was not checked immediately in mdbitmapgetcounter() in order to set *blocks value and slab-out-of-bounds occurs. Move check of 'page >= bitmap->pages' to mdbitmapget_counter() and return directly if true.