Linux Kernel Null Pointer Dereference Vulnerability in RAID5 Cache Management

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's RAID5 cache management. The issue arises in the 'r5l_flush_stripe_to_raid()' function, which submits a flush operation after checking whether the 'flushing_ios' list is empty. However, the completion handler 'r5l_log_flush_endio()' can clear that list before the flush operation has finished, so the two paths race and the flush path ends up dereferencing a null pointer. This vulnerability affects the Linux kernel stable tree.

Impact

Triggering this vulnerability causes a null pointer dereference in kernel context, resulting in a kernel crash or undefined behavior; in practice this is a denial of service against the affected host.

Reproduction

The vulnerability can be reproduced by submitting flush operations in a RAID5 cache while the 'flushing_ios' list is being cleared concurrently: 'r5l_flush_stripe_to_raid()' submits a flush operation, and the completion of that operation clears the list before the flush has been fully processed. This sequence results in a null pointer dereference.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest kernel version, which includes the fix.

Added: Sep 15, 2025, 6:00 PM
Updated: Sep 15, 2025, 6:00 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          9.0
impact          2.5
exploitability  4.3
remediation     7.7
relevance       0.5
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.