
CVE-2025-21712: Vulnerability in Linux (Linux kernel)

Severity: High
Type: Vulnerability
Published: Thu Feb 27 2025 (02/27/2025, 02:07:24 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime

After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct md_bitmap_stats"), the following panic is reported:

  Oops: general protection fault, probably for non-canonical address
  RIP: 0010:bitmap_get_stats+0x2b/0xa0
  Call Trace:
   <TASK>
   md_seq_show+0x2d2/0x5b0
   seq_read_iter+0x2b9/0x470
   seq_read+0x12f/0x180
   proc_reg_read+0x57/0xb0
   vfs_read+0xf6/0x380
   ksys_read+0x6c/0xf0
   do_syscall_64+0x82/0x170
   entry_SYSCALL_64_after_hwframe+0x76/0x7e

The root cause is that bitmap_get_stats() can be called at any time if mddev is still there, even if the bitmap is destroyed or not fully initialized. Dereferencing the bitmap in this case can crash the kernel. Meanwhile, the above commit started dereferencing bitmap->storage, making the problem easier to trigger.

Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.

AI-Powered Analysis

Last updated: 06/30/2025, 08:26:00 UTC

Technical Analysis

CVE-2025-21712 is a vulnerability identified in the Linux kernel's md (multiple device) subsystem, specifically related to the md-bitmap component. The issue arises from a race condition in the function bitmap_get_stats(), which can be invoked at any time while the md device (mddev) still exists, even if the associated bitmap has been destroyed or is not fully initialized. This leads to a scenario where bitmap_get_stats() dereferences a pointer to bitmap->storage that may no longer be valid, causing a kernel panic due to a general protection fault triggered by accessing a non-canonical address. The problem was exacerbated by a recent commit (ec6bb299c7c3) that introduced dereferencing of bitmap->storage earlier, making the crash easier to trigger. The root cause is a lack of synchronization between the bitmap's lifetime and the bitmap_get_stats() function calls. The fix involves protecting bitmap_get_stats() with a mutex (bitmap_info.mutex) to ensure proper synchronization and prevent access to invalid memory. This vulnerability affects Linux kernel versions identified by the given commit hashes and is relevant to systems using md devices with bitmap support, typically used for RAID arrays to track synchronization status. No known exploits are reported in the wild as of the publication date.
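The synchronization pattern the description and analysis refer to, shown as a userspace C model added here (this is not the kernel's own code): the stats reader takes bitmap_info.mutex, refuses a bitmap that is missing or whose storage is not yet initialised instead of dereferencing it, and teardown clears the pointer under the same mutex. The struct layouts, the sb_loaded flag and the helper names bitmap_create/bitmap_destroy are assumptions for illustration.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model of the objects the advisory names; the field layout is
 * an assumption for illustration, not the kernel's real struct layout. */
struct bitmap_storage { bool sb_loaded; };      /* stands in for bitmap->storage */
struct bitmap { struct bitmap_storage storage; unsigned long sync_size; };
struct mddev {
	pthread_mutex_t bitmap_info_mutex;         /* models mddev->bitmap_info.mutex */
	struct bitmap *bitmap;                     /* NULL once destroyed */
};
struct md_bitmap_stats { unsigned long sync_size; };

/* Fixed pattern: hold bitmap_info.mutex so the bitmap cannot be torn down
 * under the reader, and refuse a missing or half-initialised bitmap. */
int bitmap_get_stats(struct mddev *mddev, struct md_bitmap_stats *stats)
{
	int ret = 0;
	pthread_mutex_lock(&mddev->bitmap_info_mutex);
	if (!mddev->bitmap)
		ret = -ENOENT;                         /* destroyed or never created */
	else if (!mddev->bitmap->storage.sb_loaded)
		ret = -EINVAL;                         /* storage not initialised yet */
	else
		stats->sync_size = mddev->bitmap->sync_size;
	pthread_mutex_unlock(&mddev->bitmap_info_mutex);
	return ret;
}

/* Lifecycle changes take the same mutex, so a reader sees either the whole
 * bitmap or none of it. */
void bitmap_create(struct mddev *mddev, unsigned long sync_size, bool storage_ready)
{
	struct bitmap *b = calloc(1, sizeof *b);
	b->sync_size = sync_size;
	b->storage.sb_loaded = storage_ready;
	pthread_mutex_lock(&mddev->bitmap_info_mutex);
	mddev->bitmap = b;
	pthread_mutex_unlock(&mddev->bitmap_info_mutex);
}

void bitmap_destroy(struct mddev *mddev)
{
	pthread_mutex_lock(&mddev->bitmap_info_mutex);
	free(mddev->bitmap);
	mddev->bitmap = NULL;                      /* an unlocked reader would now fault */
	pthread_mutex_unlock(&mddev->bitmap_info_mutex);
}
```

Without the mutex and the NULL/initialisation checks, a reader racing with bitmap_destroy() follows a freed or NULL pointer, which is the general protection fault in the trace above.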

Potential Impact

For European organizations, this vulnerability poses a risk primarily to servers and infrastructure running Linux kernels with md RAID configurations that utilize bitmap support. Exploitation leads to a kernel panic, resulting in a denial of service (DoS) condition. This can cause system crashes, service interruptions, and potential data unavailability. While it does not directly lead to privilege escalation or data leakage, the availability impact can be significant for critical systems, especially those relying on RAID for data redundancy and performance. Organizations in sectors such as finance, healthcare, telecommunications, and government, which often deploy Linux-based servers with RAID configurations, could experience operational disruptions. Additionally, repeated crashes could complicate recovery and maintenance efforts, increasing downtime and operational costs. The lack of known exploits reduces immediate risk, but the ease of triggering a kernel panic through this race condition means that attackers with local access or the ability to induce specific system calls could exploit it to disrupt services.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch fixing CVE-2025-21712. Since the vulnerability arises from improper synchronization in the md-bitmap code, applying the official kernel update that introduces the mutex protection is essential. For environments where immediate patching is not feasible, administrators should consider temporarily disabling md bitmap support if it is not critical to operations, or avoid using md devices with bitmap features enabled. Monitoring system logs for kernel panics related to md devices can help detect attempted exploitation or instability. Additionally, implementing strict access controls to limit local user access and restricting the ability to trigger md device operations can reduce the risk of exploitation. Backup and recovery plans should be reviewed and tested to ensure rapid restoration in case of service disruption. Finally, organizations should stay informed about any emerging exploit code or further advisories related to this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.752Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe8580

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 6/30/2025, 8:26:00 AM

Last updated: 8/19/2025, 12:06:10 PM
