CVE-2024-50109

md/raid10: fix null ptr dereference in raid10_size()

Description

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL, causing null ptr dereference in raid10_size(). Fix the problem by only overwrite the return value if raid10_set_queue_limits() failed.

References

Link	Tags
https://git.kernel.org/stable/c/b3054db2fd2d35f2eb3b4b5fb1407792f465391c	patch
https://git.kernel.org/stable/c/825711e00117fc686ab89ac36a9a7b252dc349c6	patch

Frequently Asked Questions

What is the severity of CVE-2024-50109?: CVE-2024-50109 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50109?: To fix CVE-2024-50109, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50109 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-50109 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50109?: CVE-2024-50109 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-476 – NULL Pointer Dereference

References

Frequently Asked Questions