CVE-2025-22124

Summary

In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

In clustermd, separate write-intent-bitmaps are used for each cluster node:

0 4k 8k 12k

| idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | |

So in node 1, pg_index in __write_sb_page() could equal to bitmap->storage.file_pages. Then bitmap_limit will be calculated to 0. md_super_write() will be called with 0 size. That means the first 4k sb area of node 1 will never be updated through filemap_write_page(). This bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.

Here use (pg_index % bitmap->storage.file_pages) to make calculation of bitmap_limit correct.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxab99a87542f194f28e2364a42afbf9fb48b1c724 < 60196f92bbc7901eb5cfa5d456651b87ea50a4a3affected
LinuxLinuxab99a87542f194f28e2364a42afbf9fb48b1c724 < bc3a9788961631359527763d7e1fcf26554c7cb1affected
LinuxLinuxab99a87542f194f28e2364a42afbf9fb48b1c724 < 6130825f34d41718c98a9b1504a79a23e379701eaffected
LinuxLinux655cc01889fa9b65441922565cddee64af49e6d6affected
LinuxLinux5600d6013c634c2b6b6c6c55c8ecb50c3a6211f2affected
LinuxLinux6.6.44 < 6.7affected
LinuxLinux6.10.3 < 6.11affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.12.46 <= 6.12.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References