| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011453-CVE-2025-71135-9522@gregkh> Date: Wed, 14 Jan 2026 16:07:59 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ... If conf is NULL, then mddev->private is also NULL. In this case, null-pointer dereferences can occur when calling raid5_quiesce(): raid5_quiesce(mddev, true); raid5_quiesce(mddev, false); since mddev->private is assigned to conf again in raid5_quiesce(), and conf is dereferenced in several places, for example: conf->quiesce = 0; wake_up(&conf->wait_for_quiescent); To fix this issue, the function should unlock mddev and return before invoking raid5_quiesce() when conf is NULL, following the existing pattern in raid5_change_consistency_policy(). The Linux kernel CVE team has assigned CVE-2025-71135 to this issue. Affected and fixed versions =========================== Issue introduced in 6.12.4 with commit be19e6e4339d1579d5f2fae8ce4facf9521dbbfc and fixed in 6.12.64 with commit 20597b7229aea8b5bc45cd92097640257c7fc33b Issue introduced in 6.13 with commit fa1944bbe6220eb929e2c02e5e8706b908565711 and fixed in 6.18.4 with commit e5abb6af905de6b2fead8a0b3f32ab0b81468a01 Issue introduced in 6.13 with commit fa1944bbe6220eb929e2c02e5e8706b908565711 and fixed in 6.19-rc4 with commit 7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71135 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/raid5.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/20597b7229aea8b5bc45cd92097640257c7fc33b https://git.kernel.org/stable/c/e5abb6af905de6b2fead8a0b3f32ab0b81468a01 https://git.kernel.org/stable/c/7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9
Powered by blists - more mailing lists