5.5

CVE-2026-23285

drbd: fix null-pointer dereference on local read error

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to
__req_mod() with a NULL peer_device:

  __req_mod(req, what, NULL, &m);

The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this
NULL peer_device to drbd_set_out_of_sync(), which dereferences it,
causing a null-pointer dereference.

Fix this by obtaining the peer_device via first_peer_device(device),
matching how drbd_req_destroy() handles the same situation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.4 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.77
LinuxLinux Kernel Version >= 6.13 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version7.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42
Patch
https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106
Patch
https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89
Patch
https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5
Patch
https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f
Patch