CVE-2025-38451
- Source
- https://cve.org/CVERecord?id=CVE-2025-38451
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38451.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38451
- Downstream
- Related
- Published
- 2025-07-25T15:27:32.045Z
- Modified
- 2026-03-20T12:42:52.308561Z
- Summary
- md/md-bitmap: fix GPF in bitmap_get_stats()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
md/md-bitmap: fix GPF in bitmapgetstats()
The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states:
Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file).But, the code does not adhere to the above, as it does only check for a valid super-block for "internal" bitmaps. Hence, we observe:
Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028 RIP: 0010:bitmapgetstats+0x45/0xd0 Call Trace:
seqreaditer+0x2b9/0x46a seqread+0x12f/0x180 procregread+0x57/0xb0 vfsread+0xf6/0x380 ksysread+0x6d/0xf0 dosyscall64+0x8c/0x1b0 entrySYSCALL64after_hwframe+0x76/0x7e
We fix this by checking the existence of a super-block for both the internal and external case.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38451.json" }- References
-
- https://git.kernel.org/stable/c/3d82a729530bd2110ba66e4a1f73461c776edec2
- https://git.kernel.org/stable/c/3e0542701b37aa25b025d8531583458e4f014c2e
- https://git.kernel.org/stable/c/a18f9b08c70e10ea3a897058fee8a4f3b4c146ec
- https://git.kernel.org/stable/c/a23b16ba3274961494f5ad236345d238364349ff
- https://git.kernel.org/stable/c/c17fb542dbd1db745c9feac15617056506dd7195
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38451.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38451
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced065f4b1cd41d03702426af44193894b925607073Fixeda23b16ba3274961494f5ad236345d238364349ff
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0b5390aeaa85eb2f15e0e2ea0731c0995285db5eFixed3d82a729530bd2110ba66e4a1f73461c776edec2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeeeba7f43ae27835718a5f5ad6552a8983e75201Fixed3e0542701b37aa25b025d8531583458e4f014c2e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6ec1f0239485028445d213d91cfee5242f3211baFixeda18f9b08c70e10ea3a897058fee8a4f3b4c146ecFixedc17fb542dbd1db745c9feac15617056506dd7195
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected896a6fbefc9050cf940ed57947eda6dc23aa58b0