CVE-2024-48881
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush().
1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache);
>From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721.
This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0729029e647234fa1a94376b6edffec5c2cd75f6 < 4379c5828492a4c2a651c8f826a01453bd2b80b0 | affected |
| Linux | Linux | db9439cef0b5efccf8021fe89f4953e0f901e85b < 336e30f32ae7c043fde0f6fa21586ff30bea9fe2 | affected |
| Linux | Linux | 991e9c186a8ac6ab272a86e0ddc6f9733c38b867 < fb5fee35bdd18316a84b5f30881a24e1415e1464 | affected |
| Linux | Linux | 68118c339c6e1e16ae017bef160dbe28a27ae9c8 < 5202391970ffbf81975251b3526b890ba027b715 | affected |
| Linux | Linux | 028ddcac477b691dd9205c92f991cc15259d033e < cc05aa2c0117e20fa25a3c0d915f98b8f2e78667 | affected |
| Linux | Linux | 028ddcac477b691dd9205c92f991cc15259d033e < 5e0e913624bcd24f3de414475018d3023f060ee1 | affected |
| Linux | Linux | 028ddcac477b691dd9205c92f991cc15259d033e < b2e382ae12a63560fca35050498e19e760adf8c0 | affected |
| Linux | Linux | fe75e8a0c20127a8dc95704f1a7ad6b82c9a0ef8 | affected |
| Linux | Linux | 0cabf9e164660e8d66c4810396046383a1110a69 | affected |
| Linux | Linux | 5.4.251 < 5.4.287 | affected |
| Linux | Linux | 5.10.188 < 5.10.231 | affected |
| Linux | Linux | 5.15.121 < 5.15.174 | affected |
| Linux | Linux | 6.1.39 < 6.1.120 | affected |
| Linux | Linux | 4.19.291 < 4.20 | affected |
| Linux | Linux | 6.4.4 < 6.5 | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 5.4.287 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.231 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.174 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.120 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.66 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.5 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
References
- https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0
- https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2
- https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464
- https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715
- https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667
- https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1
- https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.