CVE-2025-68368
NULL Pointer Dereference in Linux md Driver Causes Kernel Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

md: init bioset in mddev_init

IO operations may be needed before md_run(), such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below:

```
BUG: kernel NULL pointer dereference, address: 0000000000000020
Call Trace:
 md_update_sb+0x658/0xe00
 new_level_store+0xc5/0x120
 md_attr_store+0xc9/0x1e0
 sysfs_kf_write+0x6f/0xa0
 kernfs_fop_write_iter+0x141/0x2a0
 vfs_write+0x1fc/0x5a0
 ksys_write+0x79/0x180
 __x64_sys_write+0x1d/0x30
 x64_sys_call+0x2818/0x2880
 do_syscall_64+0xa9/0x580
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
```

Reproducer

```
mdadm -CR /dev/md0 -l1 -n2 /dev/sd[cd]
echo inactive > /sys/block/md0/md/array_state
echo 10 > /sys/block/md0/md/new_level
```

mddev_init() can only be called once per mddev, no need to test if bioset has been initialized anymore.

Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE

| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel md driver is a NULL pointer dereference caused by a bioset that has not been initialized when IO is issued. IO operations may occur before md_run(), such as updating metadata after writing to sysfs. Without the bioset being initialized, these operations trigger a NULL pointer dereference, leading to a kernel crash. The fix initializes the bioset in mddev_init(); because mddev_init() can only be called once per mddev, there is no longer any need to check whether the bioset has already been initialized.


How can this vulnerability impact me?

This vulnerability can cause a kernel NULL pointer dereference, which results in a kernel crash (BUG). This can lead to system instability, potential denial of service, and interruption of normal operations on systems using the affected Linux kernel md subsystem.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the NULL pointer dereference with the provided commands, which interact with the md device:

```
mdadm -CR /dev/md0 -l1 -n2 /dev/sd[cd]
echo inactive > /sys/block/md0/md/array_state
echo 10 > /sys/block/md0/md/new_level
```

If these commands cause a kernel NULL pointer dereference or a system crash, the vulnerability is present. Run them only on a disposable test system: mdadm -CR creates a new array on /dev/sdc and /dev/sdd, and an affected kernel will crash.
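A non-destructive complement to the reproducer is to search existing kernel logs for the crash signature quoted in the description. The following is an added example, not code from this page or from the kernel project; the function name `find_md_bioset_oops` and the sample log are constructed for illustration, and it assumes plain-text `dmesg`-style input. A match shows the crash has occurred; no match does not show the kernel is fixed.

```python
import re

# Frames from the call trace quoted in the CVE description, innermost first.
SIGNATURE = ("md_update_sb", "new_level_store", "md_attr_store")
OOPS_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
# "func+0xoff/0xsize"; group 1 is set for "? func" frames marked unreliable.
FRAME_RE = re.compile(r"(\?\s+)?(?<![\w.])([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")


def _in_order(frames, wanted):
    """True if `wanted` occurs in `frames` as an ordered subsequence."""
    it = iter(frames)
    return all(name in it for name in wanted)


def find_md_bioset_oops(log_text, max_trace_lines=40):
    """Return one dict per NULL-dereference oops whose trace matches SIGNATURE."""
    lines = log_text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        oops = OOPS_RE.search(line)
        if not oops:
            continue
        frames = []
        for follow in lines[i + 1 : i + 1 + max_trace_lines]:
            if OOPS_RE.search(follow):
                break  # a new oops begins; keep the traces separate
            frame = FRAME_RE.search(follow)
            if frame and not frame.group(1):
                frames.append(frame.group(2))
        if _in_order(frames, SIGNATURE):
            hits.append({"line": i + 1, "address": oops.group(1), "frames": frames})
    return hits


# Constructed sample: an unrelated oops, then one shaped like the CVE's trace.
SAMPLE_LOG = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  101.000002] Call Trace:
[  101.000003]  example_driver_ioctl+0x12/0x40
[  101.000004]  do_syscall_64+0xa9/0x580
[  245.100001] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  245.100002] Call Trace:
[  245.100003]  md_update_sb+0x658/0xe00
[  245.100004]  ? example_unreliable_frame+0x1/0x2
[  245.100005]  new_level_store+0xc5/0x120
[  245.100006]  md_attr_store+0xc9/0x1e0
[  245.100007]  sysfs_kf_write+0x6f/0xa0
"""

if __name__ == "__main__":
    for hit in find_md_bioset_oops(SAMPLE_LOG):
        print(f"line {hit['line']}: NULL deref at {hit['address']}: {hit['frames'][:3]}")
```

To check a live system, pass the text of the kernel log (for example the saved output of `dmesg`) to `find_md_bioset_oops`.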


What immediate steps should I take to mitigate this vulnerability?

The fix ensures that the bioset is initialized before any IO operations that update metadata are performed on md devices. Because mddev_init() can only be called once per mddev, the bioset is initialized there exactly once. Updating the Linux kernel to a version that includes this fix will mitigate the vulnerability.

