CVE-2022-50506

{"id": "CVE-2022-50506", "cveTags": [], "metrics": {}, "published": "2025-10-04T16:15:47.850", "references": [{"url": "https://git.kernel.org/stable/c/05580a3bbf3cec677cb00a85dfeb21d6a9b48eaf", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: only clone bio if we have a backing device\n\nCommit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a\nbio_set_dev call (which has since been removed) to \"earlier\", from\ndrbd_request_prepare to drbd_req_new.\n\nThe problem is that this accesses device->ldev->backing_bdev, which is\nnot NULL-checked at this point. When we don't have an ldev (i.e. when\nthe DRBD device is diskless), this leads to a null pointer deref.\n\nSo, only allocate the private_bio if we actually have a disk. This is\nalso a small optimization, since we don't clone the bio to only to\nimmediately free it again in the diskless case."}], "lastModified": "2025-10-06T14:56:21.733", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}