FKIE_CVE-2025-68368

Vulnerability from fkie_nvd - Published: 2025-12-24 11:16 - Updated: 2025-12-29 15:58
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddev_init IO operations may be needed before md_run(), such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL pointer dereference, address: 0000000000000020 Call Trace: md_update_sb+0x658/0xe00 new_level_store+0xc5/0x120 md_attr_store+0xc9/0x1e0 sysfs_kf_write+0x6f/0xa0 kernfs_fop_write_iter+0x141/0x2a0 vfs_write+0x1fc/0x5a0 ksys_write+0x79/0x180 __x64_sys_write+0x1d/0x30 x64_sys_call+0x2818/0x2880 do_syscall_64+0xa9/0x580 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Reproducer ``` mdadm -CR /dev/md0 -l1 -n2 /dev/sd[cd] echo inactive > /sys/block/md0/md/array_state echo 10 > /sys/block/md0/md/new_level ``` mddev_init() can only be called once per mddev, no need to test if bioset has been initialized anymore.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/381a3ce1c0ffed647c9b913e142b099c7e9d5afc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9d37fe37dfa0833a8768740f0575e0ffd793cb4a
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: init bioset in mddev_init\n\nIO operations may be needed before md_run(), such as updating metadata\nafter writing sysfs. Without bioset, this triggers a NULL pointer\ndereference as below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n Call Trace:\n  md_update_sb+0x658/0xe00\n  new_level_store+0xc5/0x120\n  md_attr_store+0xc9/0x1e0\n  sysfs_kf_write+0x6f/0xa0\n  kernfs_fop_write_iter+0x141/0x2a0\n  vfs_write+0x1fc/0x5a0\n  ksys_write+0x79/0x180\n  __x64_sys_write+0x1d/0x30\n  x64_sys_call+0x2818/0x2880\n  do_syscall_64+0xa9/0x580\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nReproducer\n```\n  mdadm -CR /dev/md0 -l1 -n2 /dev/sd[cd]\n  echo inactive \u003e /sys/block/md0/md/array_state\n  echo 10 \u003e /sys/block/md0/md/new_level\n```\n\nmddev_init() can only be called once per mddev, no need to test if bioset\nhas been initialized anymore."
    }
  ],
  "id": "CVE-2025-68368",
  "lastModified": "2025-12-29T15:58:34.503",
  "metrics": {},
  "published": "2025-12-24T11:16:00.373",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/381a3ce1c0ffed647c9b913e142b099c7e9d5afc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9d37fe37dfa0833a8768740f0575e0ffd793cb4a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.