Volerion logoVolerion
Volerion logoVolerion

Linux Kernel RAID1 NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's RAID1 implementation can lead to a NULL pointer dereference. This issue occurs when a RAID1 array is assembled with only inactive disks, causing the associated mdx_raid1 thread to remain active despite the release of related resources. When the system is powered off, this oversight triggers a NULL dereference, resulting in a kernel crash. The vulnerability affects several Linux kernel versions, including 5.10.146.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to data loss.

Reproduction

To reproduce this vulnerability, assemble a RAID1 array using only inactive disks. This will cause the mdx_raid1 thread to remain active, even after the associated resources have been released. When the system is powered off, the NULL pointer dereference will occur, leading to a kernel crash.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.

Added: Dec 24, 2025, 6:15 PM
Updated: Dec 24, 2025, 6:15 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
1.5
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.