Coly Li

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the `raid1 write request()` function. Specifically, `r1 bio->bios[]` is used to record new bios that will be issued to underlying disks. However, in `raid1 write request()`, `r1 bio->bios[]` will set to the original bio temporarily. If a blocked rdev is set, `free r1bio()` will be called, causing all `r1 bio->bios[]` to be freed. This can lead to a situation where the original bio is freed, resulting in a use-after-free error. The vulnerability can be exploited to cause a denial of service. Technical details about exploitation include: - The `raid1 write request()` function is vulnerable. - The `r1 bio->bios[]` array is used to record new bios. - The `free r1bio()` function is called when a blocked rdev is set. - The `bio put()` function is used to free the original bio. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.