| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime\n\nAfter commit ec6bb299c7c3 (\"md/md-bitmap: add 'sync_size' into struct\nmd_bitmap_stats\"), following panic is reported:\n\nOops: general protection fault, probably for non-canonical address\nRIP: 0010:bitmap_get_stats+0x2b/0xa0\nCall Trace:\n <TASK>\n md_seq_show+0x2d2/0x5b0\n seq_read_iter+0x2b9/0x470\n seq_read+0x12f/0x180\n proc_reg_read+0x57/0xb0\n vfs_read+0xf6/0x380\n ksys_read+0x6c/0xf0\n do_syscall_64+0x82/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nRoot cause is that bitmap_get_stats() can be called at anytime if mddev\nis still there, even if bitmap is destroyed, or not fully initialized.\nDeferenceing bitmap in this case can crash the kernel. Meanwhile, the\nabove commit start to deferencing bitmap->storage, make the problem\neasier to trigger.\n\nFix the problem by protecting bitmap_get_stats() with bitmap_info.mutex." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/md/md-bitmap.c", |
| "drivers/md/md.c" |
| ], |
| "versions": [ |
| { |
| "version": "32a7627cf3a35396a8e834faf34e38ae9f3b1309", |
| "lessThan": "032fa54f486eac5507976e7e31f079a767bc13a8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "32a7627cf3a35396a8e834faf34e38ae9f3b1309", |
| "lessThan": "52848a095b55a302af92f52ca0de5b3112059bb8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "32a7627cf3a35396a8e834faf34e38ae9f3b1309", |
| "lessThan": "237e19519c8ff6949f0ef57c4a0243f5b2b0fa18", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "32a7627cf3a35396a8e834faf34e38ae9f3b1309", |
| "lessThan": "4e9316eee3885bfb311b4759513f2ccf37891c09", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "32a7627cf3a35396a8e834faf34e38ae9f3b1309", |
| "lessThan": "8d28d0ddb986f56920ac97ae704cc3340a699a30", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/md/md-bitmap.c", |
| "drivers/md/md.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.13", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.13", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.130", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.80", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.13", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13.2", |
| "lessThanOrEqual": "6.13.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.14", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.13", |
| "versionEndExcluding": "6.1.130" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.13", |
| "versionEndExcluding": "6.6.80" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.13", |
| "versionEndExcluding": "6.12.13" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.13", |
| "versionEndExcluding": "6.13.2" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.13", |
| "versionEndExcluding": "6.14" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/032fa54f486eac5507976e7e31f079a767bc13a8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/52848a095b55a302af92f52ca0de5b3112059bb8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/237e19519c8ff6949f0ef57c4a0243f5b2b0fa18" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4e9316eee3885bfb311b4759513f2ccf37891c09" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/8d28d0ddb986f56920ac97ae704cc3340a699a30" |
| } |
| ], |
| "title": "md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2025-21712", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
