CVE-2024-47705

block: fix potential invalid pointer dereference in blk_add_partition

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

block: fix potential invalid pointer dereference in blk_add_partition

The blk_add_partition() function initially used a single if-condition
(IS_ERR(part)) to check for errors when adding a partition. This was
modified to handle the specific case of -ENXIO separately, allowing the
function to proceed without logging the error in this case. However,
this change unintentionally left a path where md_autodetect_dev()
could be called without confirming that part is a valid pointer.

This commit separates the error handling logic by splitting the
initial if-condition, improving code readability and handling specific
error scenarios explicitly. The function now distinguishes the general
error case from -ENXIO without altering the existing behavior of
md_autodetect_dev() calls.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-30 CVE Reserved
2024-10-21 CVE Published
2024-10-25 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/b72053072c0bbe9f1cdfe2ffa3c201c185da2201	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4bc4272e2506941c3f3d4fb8b0c659ee814dcf6f	2024-10-17
https://git.kernel.org/stable/c/cc4d21d9492db4e534d3e01253cf885c90dd2a8b	2024-10-17
https://git.kernel.org/stable/c/64cf2a39202ca2d9df5ee70eb310b6141ce2b8ed	2024-10-17
https://git.kernel.org/stable/c/80f5bfbb80ea1615290dbc24f49d3d8c86db58fe	2024-10-04
https://git.kernel.org/stable/c/652039ba477c9a4ab43740cf2cb0d068d53508c2	2024-10-04
https://git.kernel.org/stable/c/afe53ea9b378c376101d99d216f13b6256f75189	2024-10-04
https://git.kernel.org/stable/c/26e197b7f9240a4ac301dd0ad520c0c697c2ea7d	2024-09-12

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.6.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.6.54"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.10.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.10.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.11.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.11.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.12"		en		Affected