CVE-2024-48881

bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

Description

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0 patch
https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2 patch
https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464 patch
https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715 patch
https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667 patch
https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1 patch
https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0 patch

Frequently Asked Questions

What is the severity of CVE-2024-48881?
CVE-2024-48881 has been scored as a medium severity vulnerability.
How to fix CVE-2024-48881?
To fix CVE-2024-48881, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-48881 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-48881 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-48881?
CVE-2024-48881 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.