CVE-2025-71135

EPSS 0.02%
Veröffentlicht 14.01.2026 15:16:03
Zuletzt bearbeitet 14.01.2026 16:25:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()

The variable mddev->private is first assigned to conf and then checked:

  conf = mddev->private;
  if (!conf) ...

If conf is NULL, then mddev->private is also NULL. In this case,
null-pointer dereferences can occur when calling raid5_quiesce():

  raid5_quiesce(mddev, true);
  raid5_quiesce(mddev, false);

since mddev->private is assigned to conf again in raid5_quiesce(), and conf
is dereferenced in several places, for example:

  conf->quiesce = 0;
  wake_up(&conf->wait_for_quiescent);

To fix this issue, the function should unlock mddev and return before
invoking raid5_quiesce() when conf is NULL, following the existing pattern
in raid5_change_consistency_policy().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 20597b7229aea8b5bc45cd92097640257c7fc33b

Version be19e6e4339d1579d5f2fae8ce4facf9521dbbfc

Status affected

Version < e5abb6af905de6b2fead8a0b3f32ab0b81468a01

Version fa1944bbe6220eb929e2c02e5e8706b908565711

Status affected

Version < 7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9

Version fa1944bbe6220eb929e2c02e5e8706b908565711

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.13

Status affected

Version < 6.13

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.4

Status unaffected

Version <= *

Version 6.19-rc4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/20597b7229aea8b5bc45cd92097640257c7fc33b

https://git.kernel.org/stable/c/7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9

https://git.kernel.org/stable/c/e5abb6af905de6b2fead8a0b3f32ab0b81468a01

https://nvd.nist.gov/vuln/detail/CVE-2025-71135

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71135

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71135

EUVD