5.5

CVE-2024-41077

null_blk: fix validation of block size

In the Linux kernel, the following vulnerability has been resolved:

null_blk: fix validation of block size

Block size should be between 512 and PAGE_SIZE and be a power of 2. The current
check does not validate this, so update the check.

Without this patch, null_blk would Oops due to a null pointer deref when
loaded with bs=1536 [1].


[axboe: remove unnecessary braces and != 0 check]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.10.223
LinuxLinux Kernel Version >= 5.11 < 5.15.164
LinuxLinux Kernel Version >= 5.16 < 6.1.101
LinuxLinux Kernel Version >= 6.2 < 6.6.42
LinuxLinux Kernel Version >= 6.7 < 6.9.11
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.129
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/08f03186b96e25e3154916a2e70732557c770ea7
Patch
https://git.kernel.org/stable/c/2772ed2fc075eef7df3789906fc9dae01e4e132e
Patch
https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1
Patch
https://git.kernel.org/stable/c/9b873bdaae64bddade9d8c6df23c8a31948d47d0
Patch
https://git.kernel.org/stable/c/c462ecd659b5fce731f1d592285832fd6ad54053
Patch
https://git.kernel.org/stable/c/f92409a9da02f27d05d713bff5f865e386cef9b3
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html