Fixed
Created: Jul 28, 2025
Updated: Aug 10, 2025
Resolved Date: Aug 10, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]md/md-bitmap: fix GPF in bitmap_get_stats()[EOL][EOL]The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats[EOL]collection for external bitmaps") states:[EOL][EOL] Remove the external bitmap check as the statistics should be[EOL] available regardless of bitmap storage location.[EOL][EOL] Return -EINVAL only for invalid bitmap with no storage (neither in[EOL] superblock nor in external file).[EOL][EOL]But, the code does not adhere to the above, as it does only check for[EOL]a valid super-block for "internal" bitmaps. Hence, we observe:[EOL][EOL]Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028[EOL]RIP: 0010:bitmap_get_stats+0x45/0xd0[EOL]Call Trace:[EOL][EOL] seq_read_iter+0x2b9/0x46a[EOL] seq_read+0x12f/0x180[EOL] proc_reg_read+0x57/0xb0[EOL] vfs_read+0xf6/0x380[EOL] ksys_read+0x6d/0xf0[EOL] do_syscall_64+0x8c/0x1b0[EOL] entry_SYSCALL_64_after_hwframe+0x76/0x7e[EOL][EOL]We fix this by checking the existence of a super-block for both the[EOL]internal and external case.
CREATE(Triage):(User=admin) [CVE-2025-38451 (https://nvd.nist.gov/vuln/detail/CVE-2025-38451)
