Linux Kernel Bitset Size Vulnerability in DM Log Component

Vulnerability

A vulnerability exists in the Linux kernel's DM (Device Mapper) log component, specifically in how it handles region bitmap sizes. The issue arises because the code rounds up the bitset size to 32 bits and then uses a function that accesses the bitmap with unsigned long pointers. On 64-bit architectures, this can lead to reading 4 bytes beyond the allocated size. The vulnerability was identified while running the LVM2 testsuite with KASAN (Kernel Address Sanitizer).
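The size mismatch described above, modelled in user space as an added example (not kernel code and not taken from the advisory). It assumes a 64-bit word standing in for unsigned long on a 64-bit architecture; the function names and the 96-region sample are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t word_t;      /* assumption: models unsigned long on a 64-bit arch */
#define WORD_BITS (sizeof(word_t) * CHAR_BIT)

/* Bytes allocated when the bit count is rounded up to a multiple of align_bits. */
static size_t bitset_bytes(size_t nbits, size_t align_bits) {
    return (nbits + align_bits - 1) / align_bits * (align_bits / CHAR_BIT);
}

/* Bytes past the allocation that a whole-word scan over nbits would read. */
static size_t overread_bytes(size_t nbits, size_t align_bits) {
    size_t touched = (nbits + WORD_BITS - 1) / WORD_BITS * sizeof(word_t);
    size_t alloc = bitset_bytes(nbits, align_bits);
    return touched > alloc ? touched - alloc : 0;
}

/* Word-at-a-time search for the first zero bit. Returns its index, nbits if all
 * bits are set, or -1 when the next word load would cross the allocation end. */
static long first_zero_checked(const unsigned char *buf, size_t alloc, size_t nbits) {
    for (size_t base = 0; base < nbits; base += WORD_BITS) {
        size_t off = base / CHAR_BIT;
        if (off + sizeof(word_t) > alloc)
            return -1;        /* the access a sanitizer such as KASAN reports */
        word_t w = 0;
        for (size_t i = 0; i < sizeof(word_t); i++)
            w |= (word_t)buf[off + i] << (CHAR_BIT * i);
        for (size_t b = 0; b < WORD_BITS && base + b < nbits; b++)
            if (!((w >> b) & 1))
                return (long)(base + b);
    }
    return (long)nbits;
}

int main(void) {
    unsigned char bits[16];   /* constructed sample: 96 regions, every bit set */
    memset(bits, 0xFF, sizeof bits);
    for (size_t align = 32; align <= 64; align += 32)
        printf("round to %zu bits: alloc=%zu overread=%zu scan=%ld\n", align,
               bitset_bytes(96, align), overread_bytes(96, align),
               first_zero_checked(bits, bitset_bytes(96, align), 96));
    return 0;
}
```

Rounding to the word size instead of 32 bits makes the allocation cover every word the scan loads, so the overread is zero for any region count.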

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.