Linux Kernel NULL Pointer Dereference Vulnerability in MD RAID Management

A vulnerability in the Linux kernel's MD RAID management can lead to a NULL pointer dereference. This issue arises because the 'mddev_init' function does not properly initialize the 'bioset' before certain I/O operations, such as updating metadata after writing to sysfs. The lack of initialization can cause a NULL pointer dereference, triggering a kernel panic. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by creating a new RAID 1 array with two devices using the 'mdadm' command. After the array is created, the 'array_state' is set to inactive, and a new level is written to the 'new_level' sysfs interface. This sequence of actions triggers the NULL pointer dereference by initiating the 'md_run' process without the necessary 'bioset' initialization.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.