Linux Kernel DRBD Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's DRBD (Distributed Replicated Block Device) module. The issue affects diskless DRBD devices, which have no backing device. It was introduced when a bio_set_dev call was moved to an earlier stage of request preparation without a null check. At that earlier stage, the DRBD device's reference to its backing block device could be accessed when it was not available, causing a null pointer dereference.
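
The pattern described above, as an added userspace C model that is not code from the kernel or from this advisory: an unchecked request setup beside a checked one. All struct and function names are hypothetical stand-ins, and skipping the local bio on a diskless device is an assumed handling.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model. All type and function names are hypothetical stand-ins,
 * not the kernel's DRBD code. */
struct block_dev { int id; };
struct backing   { struct block_dev *bdev; };  /* local backing storage */
struct drbd_dev  { struct backing *ldev; };    /* NULL when diskless */
struct bio       { struct block_dev *bdev; };
struct request   { struct bio *private_bio; };

/* Stand-in for the bio_set_dev call named in the advisory. */
void model_bio_set_dev(struct bio *b, struct block_dev *d) { b->bdev = d; }

/* Unchecked pattern: the backing device is read while the request is being
 * created. On a diskless device ldev is NULL, so this dereferences NULL. */
int req_new_unchecked(struct drbd_dev *dev, struct request *req)
{
    req->private_bio = calloc(1, sizeof(*req->private_bio));
    if (!req->private_bio)
        return -1;
    model_bio_set_dev(req->private_bio, dev->ldev->bdev);
    return 0;
}

/* Checked pattern: confirm a backing device exists before touching it.
 * Assumed handling for diskless devices: no local bio is set up. */
int req_new_checked(struct drbd_dev *dev, struct request *req)
{
    req->private_bio = NULL;
    if (!dev->ldev || !dev->ldev->bdev)
        return 0;
    req->private_bio = calloc(1, sizeof(*req->private_bio));
    if (!req->private_bio)
        return -1;
    model_bio_set_dev(req->private_bio, dev->ldev->bdev);
    return 0;
}

int main(void)
{
    struct drbd_dev diskless = { .ldev = NULL };  /* constructed input */
    struct request req;
    int rc = req_new_checked(&diskless, &req);
    printf("diskless: rc=%d local_bio=%s\n", rc, req.private_bio ? "yes" : "no");
    return 0;
}
```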

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or undefined behavior in the kernel.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.

Added: Oct 4, 2025, 7:12 PM
Updated: Oct 4, 2025, 7:12 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.