CVE-2024-50109

Summary

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix null ptr dereference in raid10_size()

In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL, causing null ptr dereference in raid10_size().

Fix the problem by only overwrite the return value if raid10_set_queue_limits() failed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3d8466ba68d444f5528dcbff106e8bf5c7d51aa0 < b3054db2fd2d35f2eb3b4b5fb1407792f465391caffected
LinuxLinux3d8466ba68d444f5528dcbff106e8bf5c7d51aa0 < 825711e00117fc686ab89ac36a9a7b252dc349c6affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References