Home

Description

In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddev_init IO operations may be needed before md_run(), such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL pointer dereference, address: 0000000000000020 Call Trace: md_update_sb+0x658/0xe00 new_level_store+0xc5/0x120 md_attr_store+0xc9/0x1e0 sysfs_kf_write+0x6f/0xa0 kernfs_fop_write_iter+0x141/0x2a0 vfs_write+0x1fc/0x5a0 ksys_write+0x79/0x180 __x64_sys_write+0x1d/0x30 x64_sys_call+0x2818/0x2880 do_syscall_64+0xa9/0x580 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Reproducer ``` mdadm -CR /dev/md0 -l1 -n2 /dev/sd[cd] echo inactive > /sys/block/md0/md/array_state echo 10 > /sys/block/md0/md/new_level ``` mddev_init() can only be called once per mddev, no need to test if bioset has been initialized anymore.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-24 | Updated 2025-12-24 | Assigner Linux

Product status

Default status
unaffected

d981ed8419303ed12351eea8541ad6cb76455fe3 (git) before 9d37fe37dfa0833a8768740f0575e0ffd793cb4a
affected

d981ed8419303ed12351eea8541ad6cb76455fe3 (git) before 381a3ce1c0ffed647c9b913e142b099c7e9d5afc
affected

Default status
affected

6.12
affected

Any version before 6.12
unaffected

6.18.2 (semver)
unaffected

6.19-rc1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/9d37fe37dfa0833a8768740f0575e0ffd793cb4a

git.kernel.org/...c/381a3ce1c0ffed647c9b913e142b099c7e9d5afc

cve.org (CVE-2025-68368)

nvd.nist.gov (CVE-2025-68368)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.