CVE-2022-50506

MEDIUM

Linux Kernel 5.18-5.18 - Null Pointer Dereference in DRBD Request Preparation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a bio_set_dev call (which has since been removed) to "earlier", from drbd_request_prepare to drbd_req_new. The problem is that this accesses device->ldev->backing_bdev, which is not NULL-checked at this point. When we don't have an ldev (i.e. when the DRBD device is diskless), this leads to a null pointer deref. So, only allocate the private_bio if we actually have a disk. This is also a small optimization, since we don't clone the bio to only to immediately free it again in the diskless case.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/05580a3bbf3cec677cb00a85dfeb21d6a9b48eaf

Patch

https://git.kernel.org/stable/c/6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 5.18.0 - 6.0.6linux

Linux/Linux < 5.18

Linux/Linux 5.18

Linux/Linux 6.0.6 - 6.0.*

Linux/Linux 6.1

Linux/Linux c347a787e34cba0e5a80a04082dacaf259105605 - 05580a3bbf3cec677cb00a85dfeb21d6a9b48eaf

Linux/Linux c347a787e34cba0e5a80a04082dacaf259105605 - 6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5

linux/linux_kernel 6.1 rc1

linux/linux_kernel 5.18 - 6.0.6

Published Oct 04, 2025

Tracked Since Feb 18, 2026