CVE-2025-38451:

A vulnerability in the Linux kernel's bitmap statistics collection can lead to a general protection fault (GPF) due to improper checks for bitmap storage locations.

Score
A numerical rating that indicates how dangerous this vulnerability is.

5.5Medium

Published Date:Jul 25, 2025
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.0
EPSS Percentile:5%

Exploitability

Score:1.8
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:LOW
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:3.6
Confidentiality Impact:NONE
Integrity Impact:NONE
Availability Impact:HIGH

Description Preview

A vulnerability in the Linux kernel's bitmap statistics collection can lead to a general protection fault (GPF) due to improper checks for bitmap storage locations.

Overview

- **CVE ID**: CVE-2025-38451 - **Published Date**: July 25, 2025 - **Vulnerability Status**: Received - **Affected Component**: Linux kernel (specifically the `md/md-bitmap` module) - **Impact**: Potential system crashes or instability due to general protection faults when accessing bitmap statistics.

Remediation

To remediate this vulnerability, users should update their Linux kernel to a version that includes the fix for the `bitmap_get_stats()` function. The fix ensures that the existence of a super-block is validated for both internal and external bitmap storage locations, preventing the occurrence of general protection faults. Users are encouraged to monitor kernel updates from their respective distributions and apply patches as soon as they are available.