CVE-2025-22124: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Description
In the Linux kernel, the following vulnerability has been resolved:
md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
In clustermd, separate write-intent-bitmaps are used for each cluster
node:
0 4k 8k 12k
-------------------------------------------------------------------
| idle | md super | bm super [0] + bits |
| bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] |
| bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits |
| bm bits [3, contd] | | |
So in node 1, pg_index in __write_sb_page() could equal to
bitmap->storage.file_pages. Then bitmap_limit will be calculated to
0. md_super_write() will be called with 0 size.
That means the first 4k sb area of node 1 will never be updated
through filemap_write_page().
This bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.
Here use (pg_index % bitmap->storage.file_pages) to make calculation
of bitmap_limit correct.
Classification
CVE ID: CVE-2025-22124
Affected Products
Vendor: Linux
Product: Linux, Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 4.95% (scored less or equal to compared to others)
EPSS Date: 2025-05-05 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-22124https://git.kernel.org/stable/c/bc3a9788961631359527763d7e1fcf26554c7cb1
https://git.kernel.org/stable/c/6130825f34d41718c98a9b1504a79a23e379701e