CVE-2025-38451— md/md-bitmap: fix GPF in bitmap_get_stats()
Affected Version Matrix 13
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 065f4b1cd41d03702426af44193894b925607073< a23b16ba3274961494f5ad236345d238364349ff | affected |
0b5390aeaa85eb2f15e0e2ea0731c0995285db5e< 3d82a729530bd2110ba66e4a1f73461c776edec2 | affected | ||
eeeba7f43ae27835718a5f5ad6552a8983e75201< 3e0542701b37aa25b025d8531583458e4f014c2e | affected | ||
6ec1f0239485028445d213d91cfee5242f3211ba< a18f9b08c70e10ea3a897058fee8a4f3b4c146ec | affected | ||
6ec1f0239485028445d213d91cfee5242f3211ba< c17fb542dbd1db745c9feac15617056506dd7195 | affected | ||
896a6fbefc9050cf940ed57947eda6dc23aa58b0 | affected | ||
6.15 | affected | ||
< 6.15 | unaffected | ||
| … +5 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-38451
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
md/md-bitmap: fix GPF in bitmap_get_stats()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file). But, the code does not adhere to the above, as it does only check for a valid super-block for "internal" bitmaps. Hence, we observe: Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028 RIP: 0010:bitmap_get_stats+0x45/0xd0 Call Trace: seq_read_iter+0x2b9/0x46a seq_read+0x12f/0x180 proc_reg_read+0x57/0xb0 vfs_read+0xf6/0x380 ksys_read+0x6d/0xf0 do_syscall_64+0x8c/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e We fix this by checking the existence of a super-block for both the internal and external case.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于无效位图统计收集可能导致GPF。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-38451
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-38451
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-07-25 · 114 CVEs total
| CVE-2025-38424 | perf: Fix sample vs do_exit() | |
| CVE-2025-38438 | ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. | |
| CVE-2025-38437 | ksmbd: fix potential use-after-free in oplock/lease break ack | |
| CVE-2025-38436 | drm/scheduler: signal scheduled fence when kill job | |
| CVE-2025-38435 | riscv: vector: Fix context save/restore with xtheadvector | |
| CVE-2025-38434 | Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" | |
| CVE-2025-38433 | riscv: fix runtime constant support for nommu kernels | |
| CVE-2025-38432 | net: netpoll: Initialize UDP checksum field before checksumming | |
| CVE-2025-38431 | smb: client: fix regression with native SMB symlinks | |
| CVE-2025-38430 | nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request | |
| CVE-2025-38429 | bus: mhi: ep: Update read pointer only after buffer is written | |
| CVE-2025-38428 | Input: ims-pcu - check record size in ims_pcu_flash_firmware() | |
| CVE-2025-38427 | video: screen_info: Relocate framebuffers behind PCI bridges | |
| CVE-2025-38425 | i2c: tegra: check msg length in SMBUS block read | |
| CVE-2025-38426 | drm/amdgpu: Add basic validation for RAS header | |
| CVE-2025-38413 | virtio-net: xsk: rx: fix the frame's length check | |
| CVE-2025-38416 | NFC: nci: uart: Set tty->disc_data only in success path | |
| CVE-2025-38415 | Squashfs: check return result of sb_min_blocksize | |
| CVE-2025-38414 | wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 | |
| CVE-2025-38417 | ice: fix eswitch code memory leak in reset scenario |
Showing top 20 of 114 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2025-38451
No comments yet