CVE-2025-38451
Description
In the Linux kernel, the following vulnerability has been resolved:
md/md-bitmap: fix GPF in bitmap_get_stats()
The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states:
Remove the external bitmap check as the statistics should be available regardless of bitmap storage location.
Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file).
But, the code does not adhere to the above, as it does only check for a valid super-block for "internal" bitmaps. Hence, we observe:
Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028 RIP: 0010:bitmap_get_stats+0x45/0xd0 Call Trace:
seq_read_iter+0x2b9/0x46a seq_read+0x12f/0x180 proc_reg_read+0x57/0xb0 vfs_read+0xf6/0x380 ksys_read+0x6d/0xf0 do_syscall_64+0x8c/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
We fix this by checking the existence of a super-block for both the internal and external case.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a missing superblock check for external bitmaps in bitmap_get_stats() causes a general protection fault (GPF), enabling local denial of service.
Vulnerability
CVE-2025-38451 is a kernel vulnerability in the MD (Multiple Device) driver's bitmap statistics function, bitmap_get_stats(). A previous commit (6ec1f0239485) attempted to make statistics available for external bitmaps but only checked for a valid superblock for internal bitmaps. This oversight causes a null/invalid pointer dereference (GPF) when reading stats for an external bitmap without a superblock.
Exploitation
Exploitation requires local access to read the proc file that triggers bitmap_get_stats(), such as /proc/mdstat. No special privileges beyond read access are needed. The attacker can trigger the fault by querying statistics for an MD device using an external bitmap that lacks a superblock.
Impact
The impact is a denial of service through a kernel GPF, leading to system crash or oops. The CVSS score is 5.5 (Medium), reflecting local low complexity exploitation [1].
Mitigation
Patches have been applied to stable kernel trees to check for superblock existence for both internal and external bitmaps [2][3][4]. Users should update to a fixed kernel version. The bug was introduced in a recent change and is resolved in subsequent commits.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Linux/Linuxv5Range: 6.15
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/3d82a729530bd2110ba66e4a1f73461c776edec2nvdPatch
- git.kernel.org/stable/c/3e0542701b37aa25b025d8531583458e4f014c2envdPatch
- git.kernel.org/stable/c/a18f9b08c70e10ea3a897058fee8a4f3b4c146ecnvdPatch
- git.kernel.org/stable/c/a23b16ba3274961494f5ad236345d238364349ffnvdPatch
- git.kernel.org/stable/c/c17fb542dbd1db745c9feac15617056506dd7195nvdPatch
- lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
News mentions
0No linked articles in our index yet.