CVE-2025-22124

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/04/2025
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

In clustermd, separate write-intent-bitmaps are used for each cluster
node:

0                    4k                    8k                    12k
-------------------------------------------------------------------
| idle               | md super            | bm super [0] + bits |
| bm bits[0, contd]  | bm super[1] + bits  | bm bits[1, contd]   |
| bm super[2] + bits | bm bits [2, contd]  | bm super[3] + bits  |
| bm bits [3, contd] |                     |                     |

So in node 1, pg_index in __write_sb_page() could be equal to
bitmap->storage.file_pages. Then bitmap_limit will be calculated to
0. md_super_write() will be called with 0 size.
That means the first 4k sb area of node 1 will never be updated
through filemap_write_page().
This bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.

Here use (pg_index % bitmap->storage.file_pages) to make calculation
of bitmap_limit correct.
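The following user-space model of the calculation is an added example, not the kernel's code. It assumes the pre-fix limit was (file_pages - pg_index) << PAGE_SHIFT, that the write size is one page capped by that limit, and that node n's bitmap pages start at pg_index n * file_pages; the function names are hypothetical and file_pages = 2 is a constructed value taken from the diagram.

```c
#include <stdio.h>

#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1u << PAGE_SHIFT)

/* Assumed pre-fix form: pages left, counted from the absolute pg_index. */
static unsigned int limit_before(unsigned long file_pages, unsigned long pg_index)
{
    return (unsigned int)((file_pages - pg_index) << PAGE_SHIFT);
}

/* Form named in the fix: pg_index reduced modulo file_pages first. */
static unsigned int limit_after(unsigned long file_pages, unsigned long pg_index)
{
    return (unsigned int)((file_pages - pg_index % file_pages) << PAGE_SHIFT);
}

/* Size passed on to the superblock write: one page, capped by the limit. */
static unsigned int write_size(unsigned int limit)
{
    return limit < PAGE_SIZE ? limit : PAGE_SIZE;
}

/* Number of pages in one node's bitmap slot that get a 0-byte write.
 * Assumption: node n's slot starts at pg_index n * file_pages. */
static unsigned int skipped_pages(unsigned int node, unsigned long file_pages, int fixed)
{
    unsigned int skipped = 0;
    for (unsigned long off = 0; off < file_pages; off++) {
        unsigned long pg_index = (unsigned long)node * file_pages + off;
        unsigned int limit = fixed ? limit_after(file_pages, pg_index)
                                   : limit_before(file_pages, pg_index);
        if (write_size(limit) == 0)
            skipped++;
    }
    return skipped;
}

int main(void)
{
    const unsigned long file_pages = 2; /* constructed: two 4k pages per node, as in the diagram */
    for (unsigned int node = 0; node < 4; node++)
        printf("node %u: 0-byte writes before=%u after=%u\n", node,
               skipped_pages(node, file_pages, 0),
               skipped_pages(node, file_pages, 1));
    return 0;
}
```

In this model only the first page of node 1 produces a 0-byte write; for every later pg_index the unsigned subtraction wraps to a large value, so the page-size cap still applies.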

Vulnerable products and versions

CPE                                             From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.6.44 (including)   6.7 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.10.3 (including)   6.12.46 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.13 (including)     6.14.2 (excluding)