Linux Kernel DRBD Component Null-Pointer Dereference Vulnerability

Vulnerability

A null-pointer dereference vulnerability has been identified in the Linux kernel's DRBD (Distributed Replicated Block Device) component. This issue arises in the 'drbd_request_endio()' function, where a 'READ_COMPLETED_WITH_ERROR' status is sent to '__req_mod()' with a NULL 'peer_device'. The handler then passes this NULL value to 'drbd_set_out_of_sync()', leading to a null-pointer dereference. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a null-pointer dereference in kernel context, which can crash the kernel and result in a denial of service.
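A crash of this kind leaves an oops in the kernel log, so hosts that have hit it can be found by triaging those logs. The following is an added example, not code from the advisory or the kernel: it scans log text for NULL-pointer oopses whose faulting function or call trace contains the functions named above. The log lines, offsets and the `example_irq_handler` symbol are constructed, and the x86-64 oops layout is assumed.

```python
import re

# Symbols named in the advisory's call chain, faulting function first.
CHAIN = ("drbd_set_out_of_sync", "__req_mod", "drbd_request_endio")
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
NULL_DEREF = re.compile(r"BUG: kernel NULL pointer dereference")
RIP = re.compile(r"RIP: \d+:(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
FRAME = re.compile(r"\s*(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")  # "? " frames skipped
END = re.compile(r"---\[ end trace")

# Constructed sample: one oops matching the advisory, one unrelated oops.
SAMPLE_LOG = """\
[  812.114377] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.114402] RIP: 0010:drbd_set_out_of_sync+0x2e/0x4b0 [drbd]
[  812.114455] Call Trace:
[  812.114471]  __req_mod+0x1a2/0x9c0 [drbd]
[  812.114489]  drbd_request_endio+0x11c/0x2a0 [drbd]
[  812.114503]  ? blk_update_request+0x8c/0x3d0
[  812.114530] ---[ end trace 0000000000000000 ]---
[  901.000100] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  901.000131] RIP: 0010:example_irq_handler+0x14/0x80 [example]
[  901.000171]  handle_irq_event+0x3a/0x60
[  901.000190] ---[ end trace 0000000000000000 ]---
"""

def _classify(block):
    seen = [s for s in CHAIN if s == block["rip"] or s in block["frames"]]
    if not seen:
        return None
    # Heuristic (assumption): a fault inside drbd_set_out_of_sync itself is the
    # strongest match; chain symbols seen only in the trace need a human look.
    level = "high" if block["rip"] == CHAIN[0] else "review"
    return {"line": block["line"], "rip": block["rip"], "chain": seen, "confidence": level}

def find_drbd_null_derefs(log_text):
    blocks, block = [], None
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = STAMP.sub("", raw)
        if NULL_DEREF.search(line):
            block = {"line": lineno, "rip": None, "frames": []}
            blocks.append(block)  # kept even if the log is cut off before the end marker
        elif block is not None:
            rip, frame = RIP.search(line), FRAME.match(line)
            if rip and block["rip"] is None:
                block["rip"] = rip.group("sym")  # keep the first RIP line of the oops
            if frame:
                block["frames"].append(frame.group("sym"))
            if END.search(line):
                block = None
    return [f for f in map(_classify, blocks) if f]
```

`find_drbd_null_derefs(SAMPLE_LOG)` returns one finding, for the oops starting at line 1, with confidence `high`; the unrelated oops is ignored.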

Reproduction

The vulnerability can be reproduced by simulating a local read error in the DRBD component, which triggers the 'READ_COMPLETED_WITH_ERROR' handler. This handler will then pass a NULL 'peer_device' to 'drbd_set_out_of_sync()', causing the null-pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Mar 25, 2026, 11:19 AM
Updated: Mar 25, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.