CVE-2025-22124

Description

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k ------------------------------------------------------------------- | idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | | So in node 1, pg_index in __write_sb_page() could equal to bitmap->storage.file_pages. Then bitmap_limit will be calculated to 0. md_super_write() will be called with 0 size. That means the first 4k sb area of node 1 will never be updated through filemap_write_page(). This bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize. Here use (pg_index % bitmap->storage.file_pages) to make calculation of bitmap_limit correct.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.04%• Percentile: 12%

Affected Systems

• linux•linux

  ≥ ab99a87542f194f28e2364a42afbf9fb48b1c724, < 60196f92bbc7901eb5cfa5d456651b87ea50a4a3 | ≥ ab99a87542f194f28e2364a42afbf9fb48b1c724, < bc3a9788961631359527763d7e1fcf26554c7cb1 | ≥ ab99a87542f194f28e2364a42afbf9fb48b1c724, < 6130825f34d41718c98a9b1504a79a23e379701e | 655cc01889fa9b65441922565cddee64af49e6d6 | 5600d6013c634c2b6b6c6c55c8ecb50c3a6211f2 | ≥ 6.6.44, < 6.7 | ≥ 6.10.3, < 6.11 | 6.11

• linux•linux_kernel

  ≥ 6.6.44, < 6.7 | ≥ 6.10.3, < 6.12.46 | ≥ 6.13, < 6.14.2

References (3)

• https://git.kernel.org/stable/c/60196f92bbc7901eb5cfa5d456651b87ea50a4a3
• https://git.kernel.org/stable/c/bc3a9788961631359527763d7e1fcf26554c7cb1
• https://git.kernel.org/stable/c/6130825f34d41718c98a9b1504a79a23e379701e