
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-21712 affects the Linux kernel's MD (Multiple Devices) driver, specifically the bitmap handling in the RAID subsystem. The vulnerability was discovered in February 2025 and involves a synchronization issue between the bitmap_get_stats() function and the lifetime of the bitmap it reads (NVD).
The vulnerability stems from a race condition: bitmap_get_stats() can be called at any time while the mddev still exists, even if the bitmap has already been destroyed or has not yet been fully initialized. The issue became easier to trigger after commit ec6bb299c7c3, which added 'sync_size' to struct md_bitmap_stats. When triggered, the function dereferences the bitmap in an unsafe state, causing a general protection fault and a kernel panic (Kernel Commit).
When exploited, this vulnerability causes a kernel panic through a general protection fault, crashing the system. The impact is to stability and availability, particularly on systems using Linux MD RAID configurations (NVD).
The issue has been fixed by protecting bitmap_get_stats() with bitmap_info.mutex. The fix also adds checks that reject external bitmaps and bitmaps whose storage is not yet initialized before any field is read. The patch has been merged into the mainline kernel and is being backported to stable kernel versions (Kernel Commit).
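The bug class and its fix, as an added illustration that is not the kernel's code: a user-space C model of an object (the bitmap) that is created, initialized in a second step, and destroyed while its owner (the mddev) lives on. The structures, field names and functions below are this example's own simplifications; the kernel's bitmap_info.mutex is a sleeping mutex, whereas the model uses a C11 atomic spinlock only to keep the file header-only. The unsynchronized reader mirrors the advisory's description of the bug and is never called; the synchronized reader takes the same lock that create and destroy hold and refuses external or half-initialized bitmaps, as the advisory describes the fix doing.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified models of the objects involved (names are this
 * example's own, not the kernel's). */
struct md_bitmap_stats {
    uint64_t sync_size;      /* stands in for the field added by ec6bb299c7c3 */
    unsigned long pages;
};

struct bitmap {
    struct md_bitmap_stats stats;
    unsigned long *storage;  /* allocated by a second init step; may be absent */
};

struct mddev {
    atomic_flag bitmap_info_lock;  /* stands in for bitmap_info.mutex */
    int external;                  /* bitmap is managed outside this driver */
    struct bitmap *bitmap;         /* NULL until created, NULL again after destroy */
};

static void lock(struct mddev *m)
{
    while (atomic_flag_test_and_set_explicit(&m->bitmap_info_lock, memory_order_acquire))
        ;
}

static void unlock(struct mddev *m)
{
    atomic_flag_clear_explicit(&m->bitmap_info_lock, memory_order_release);
}

void mddev_init(struct mddev *m)
{
    memset(m, 0, sizeof(*m));
    atomic_flag_clear(&m->bitmap_info_lock);
}

/* Lifetime step 1: the object exists but its storage does not yet. */
int bitmap_create(struct mddev *m, uint64_t sync_size)
{
    struct bitmap *b = calloc(1, sizeof(*b));
    if (!b)
        return -ENOMEM;
    b->stats.sync_size = sync_size;
    lock(m);
    m->bitmap = b;
    unlock(m);
    return 0;
}

/* Lifetime step 2: only after this is the bitmap fully initialized. */
int bitmap_init_storage(struct mddev *m, unsigned long pages)
{
    int ret = 0;
    lock(m);
    if (!m->bitmap)
        ret = -ENOENT;
    else if (!(m->bitmap->storage = calloc(pages, sizeof(unsigned long))))
        ret = -ENOMEM;
    else
        m->bitmap->stats.pages = pages;
    unlock(m);
    return ret;
}

/* Teardown: the mddev outlives its bitmap, which is the window an
 * unsynchronized reader can fall into. */
void bitmap_destroy(struct mddev *m)
{
    lock(m);
    if (m->bitmap) {
        free(m->bitmap->storage);
        free(m->bitmap);
        m->bitmap = NULL;
    }
    unlock(m);
}

/* Buggy pattern: reads the bitmap pointer with no synchronization against its
 * lifetime. If the bitmap is NULL, half-initialized, or being destroyed on
 * another CPU, this dereferences garbage (the GP fault in the advisory).
 * Kept only for contrast; nothing in this file calls it. */
int bitmap_get_stats_unsynchronized(struct mddev *m, struct md_bitmap_stats *out)
{
    struct bitmap *b = m->bitmap;
    *out = b->stats;
    return 0;
}

/* Fixed pattern, modeled on the advisory's description: hold the same lock as
 * create/destroy, then reject external and not-yet-initialized bitmaps before
 * touching any field. */
int bitmap_get_stats_synchronized(struct mddev *m, struct md_bitmap_stats *out)
{
    int ret = 0;
    lock(m);
    if (!m->bitmap || m->external)
        ret = -ENOENT;
    else if (!m->bitmap->storage)
        ret = -ENOENT;   /* created, but storage not allocated yet */
    else
        *out = m->bitmap->stats;
    unlock(m);
    return ret;
}

/* Walks the lifetime once; returns how many of the four states the
 * synchronized reader handled correctly (4 means all of them). */
int lifetime_check(void)
{
    struct mddev m;
    struct md_bitmap_stats st;
    int ok = 0;

    mddev_init(&m);
    if (bitmap_get_stats_synchronized(&m, &st) == -ENOENT) ok++;   /* not created */
    bitmap_create(&m, 4096);
    if (bitmap_get_stats_synchronized(&m, &st) == -ENOENT) ok++;   /* no storage */
    bitmap_init_storage(&m, 8);
    if (bitmap_get_stats_synchronized(&m, &st) == 0 &&
        st.sync_size == 4096 && st.pages == 8) ok++;               /* ready */
    bitmap_destroy(&m);
    if (bitmap_get_stats_synchronized(&m, &st) == -ENOENT) ok++;   /* destroyed */
    return ok;
}
```

The point to take from the model is that the NULL check alone is not enough: without holding the lock that destroy takes, the pointer can be valid at the check and freed by the time it is dereferenced, so both the lifetime transitions and every reader must go through the same lock.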
Source: This report was generated using AI