CVE-2025-21712 | md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct md_bitmap_stats"), following panic is reported: Oops: general protection fault, probably for non-canonical address RIP: 0010:bitmap_get_stats+0x2b/0xa0 Call Trace: <TASK> md_seq_show+0x2d2/0x5b0 seq_read_iter+0x2b9/0x470 seq_read+0x12f/0x180 proc_reg_read+0x57/0xb0 vfs_read+0xf6/0x380 ksys_read+0x6c/0xf0 do_syscall_64+0x82/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Root cause is that bitmap_get_stats() can be called at anytime if mddev is still there, even if bitmap is destroyed, or not fully initialized. Deferenceing bitmap in this case can crash the kernel. Meanwhile, the above commit start to deferencing bitmap->storage, make the problem easier to trigger. Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.

Published: 2025-02-27 Last update: 2026-06-01 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2025-21712

EPSS CVSS GHSA Affected OS Tracker

Conclusion & alert: CVE-2025-21712 is rated Low Risk (26.4/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.04%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-21712

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-28	0.05%	0.04%	-0.01%
2	2025-12-27	0.03%	0.05%	+0.02%
3	2025-11-04	—	0.03%	—

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-21712

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	3.6	[email protected]

Weakness enumeration for CVE-2025-21712

GitHub Security Advisory for CVE-2025-21712

GHSA-vq63-h845-wgm6 · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize...

OS Trackers for CVE-2025-21712

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-21712 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5, open 1.	https://security-tracker.debian.org/tracker/CVE-2025-21712
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2025-21712
`suse`	medium	CVE-2025-21712 severity moderate: SUSE including 40 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 75 product×package rows across 8 product lines (SUSE Linux Enterprise High Availability Extension 15 SP5, SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS, … (8 product lines)): Known Not Affected 49, Fixed 26.	https://www.suse.com/security/cve/CVE-2025-21712/
`ubuntu`	medium	CVE-2025-21712 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, ignored 154, released 135, needed 74, not-affected 43.	https://ubuntu.com/security/CVE-2025-21712

Affected software / configurations for CVE-2025-21712

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 2.6.13, < 6.1.130	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.2, < 6.6.80	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.7, < 6.12.13	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.13, < 6.13.2	cpe:2.3:o:linux:linux_kernel::::::::

References for CVE-2025-21712

URL	Tags
https://git.kernel.org/stable/c/032fa54f486eac5507976e7e31f079a767bc13a8	Patch
https://git.kernel.org/stable/c/237e19519c8ff6949f0ef57c4a0243f5b2b0fa18	Patch
https://git.kernel.org/stable/c/4e9316eee3885bfb311b4759513f2ccf37891c09	Patch
https://git.kernel.org/stable/c/52848a095b55a302af92f52ca0de5b3112059bb8	Patch
https://git.kernel.org/stable/c/8d28d0ddb986f56920ac97ae704cc3340a699a30	Patch
https://git.kernel.org/stable/c/eb2f9d98cd3e94a79fbf8fb90637c5b12e805428
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://cert-portal.siemens.com/productcert/html/ssa-082556.html

cvelogic Threat Intelligence