CVE-2022-50506

Summary

In the Linux kernel, the following vulnerability has been resolved:

drbd: only clone bio if we have a backing device

Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a bio_set_dev call (which has since been removed) to "earlier", from drbd_request_prepare to drbd_req_new.

The problem is that this accesses device->ldev->backing_bdev, which is not NULL-checked at this point. When we don't have an ldev (i.e. when the DRBD device is diskless), this leads to a null pointer deref.

So, only allocate the private_bio if we actually have a disk. This is also a small optimization, since we don't clone the bio to only to immediately free it again in the diskless case.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc347a787e34cba0e5a80a04082dacaf259105605 < 05580a3bbf3cec677cb00a85dfeb21d6a9b48eafaffected
LinuxLinuxc347a787e34cba0e5a80a04082dacaf259105605 < 6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux6.0.6 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References