CVE-2022-50506
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drbd: only clone bio if we have a backing device
Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a bio_set_dev call (which has since been removed) to "earlier", from drbd_request_prepare to drbd_req_new.
The problem is that this accesses device->ldev->backing_bdev, which is not NULL-checked at this point. When we don't have an ldev (i.e. when the DRBD device is diskless), this leads to a null pointer deref.
So, only allocate the private_bio if we actually have a disk. This is also a small optimization, since we don't clone the bio to only to immediately free it again in the diskless case.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c347a787e34cba0e5a80a04082dacaf259105605 < 05580a3bbf3cec677cb00a85dfeb21d6a9b48eaf | affected |
| Linux | Linux | c347a787e34cba0e5a80a04082dacaf259105605 < 6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5 | affected |
| Linux | Linux | 5.18 | affected |
| Linux | Linux | 0 < 5.18 | unaffected |
| Linux | Linux | 6.0.6 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/05580a3bbf3cec677cb00a85dfeb21d6a9b48eaf
- https://git.kernel.org/stable/c/6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.