AZL-68763

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68763.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68763

Upstream

CVE-2025-21712

Published

2025-02-27T02:15:14Z

Modified

2026-04-01T05:21:29.023279Z

Summary

CVE-2025-21712 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: Synchronize bitmapgetstats() with bitmap lifetime

After commit ec6bb299c7c3 ("md/md-bitmap: add 'syncsize' into struct mdbitmap_stats"), following panic is reported:

Oops: general protection fault, probably for non-canonical address RIP: 0010:bitmapgetstats+0x2b/0xa0 Call Trace: <TASK> mdseqshow+0x2d2/0x5b0 seqreaditer+0x2b9/0x470 seqread+0x12f/0x180 procregread+0x57/0xb0 vfsread+0xf6/0x380 ksysread+0x6c/0xf0 dosyscall64+0x82/0x170 entrySYSCALL64after_hwframe+0x76/0x7e

Root cause is that bitmapgetstats() can be called at anytime if mddev is still there, even if bitmap is destroyed, or not fully initialized. Deferenceing bitmap in this case can crash the kernel. Meanwhile, the above commit start to deferencing bitmap->storage, make the problem easier to trigger.

Fix the problem by protecting bitmapgetstats() with bitmap_info.mutex.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21712

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68763.json"