medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

First published: Sat Jan 11 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Red Hat Kernel-devel
Linux Kernel>=4.19.291<4.20
Linux Kernel>=5.4.251<5.4.287
Linux Kernel>=5.10.188<5.10.231
Linux Kernel>=5.15.121<5.15.174
Linux Kernel>=6.1.39<6.1.120
Linux Kernel>=6.4.4<6.6.66
Linux Kernel>=6.7<6.12.5
Linux Kernel=6.13-rc1

Remedy

https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2

Remedy

https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0

Remedy

https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715

Remedy

https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1

Remedy

https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0

Remedy

https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667

Remedy

https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-48881?

    CVE-2024-48881 has a medium severity rating due to potential null pointer dereference issues.

  • What versions of the Linux kernel are affected by CVE-2024-48881?

    CVE-2024-48881 affects multiple versions of the Linux kernel, specifically 4.19.291 to 4.20, 5.4.251 to 5.4.287, 5.10.188 to 5.10.231, 5.15.121 to 5.15.174, 6.1.39 to 6.1.120, 6.4.4 to 6.6.66, and 6.7 to 6.12.5.

  • How do I fix CVE-2024-48881?

    To fix CVE-2024-48881, update to the latest patched version of the Linux kernel that addresses this vulnerability.

  • What exploit methods are associated with CVE-2024-48881?

    CVE-2024-48881 could potentially be exploited to cause a denial-of-service through null pointer dereference.

  • What is the impact of CVE-2024-48881 on system performance?

    The impact of CVE-2024-48881 may lead to system instability and potential crashes, affecting overall performance.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203