PT-2024-32753 · Linux+8 · Linux Kernel+8
Published: 2024-09-11 · Updated: 2025-09-29 · CVE-2024-47705
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.58
Description
The issue concerns a potential invalid pointer dereference in the blk_add_partition() function. Initially, this function used a single if-condition IS_ERR(part) to check for errors when adding a partition. However, a modification to handle the specific case of -ENXIO separately unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer. The error handling logic has been improved by splitting the initial if-condition, allowing the function to distinguish the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.
Recommendations
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the blk_add_partition() function until a patch is available. Additionally, ensure that the md_autodetect_dev() function is called only after confirming that the part pointer is valid.
Exploit
Fix
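The control-flow change from the Description, as a user-space C model added here (it is not the kernel source or the actual patch). The macros imitate the kernel's ERR_PTR/IS_ERR helpers; add_partition_stub, md_autodetect_model, the raid_flag parameter and the outcome enum are hypothetical names, and the model reports whether the md_autodetect_dev() step would receive an error pointer instead of dereferencing it.

```c
#include <errno.h>
#include <stdint.h>

/* User-space stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define PTR_ERR(p) ((long)(intptr_t)(p))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

struct part { unsigned int bd_dev; };   /* simplified partition object */
enum outcome { NO_MD_CALL, MD_CALLED_VALID, MD_CALLED_ON_ERR_PTR };

/* Hypothetical stub: err == 0 yields a valid partition, otherwise ERR_PTR(err). */
static struct part *add_partition_stub(int err)
{
    static struct part ok = { .bd_dev = 0x0801 };   /* constructed value */
    return err ? ERR_PTR(err) : &ok;
}

/* Models the md_autodetect_dev() step: instead of dereferencing part,
 * report whether the dereference would have hit an error pointer. */
static enum outcome md_autodetect_model(struct part *part)
{
    return IS_ERR(part) ? MD_CALLED_ON_ERR_PTR : MD_CALLED_VALID;
}

/* Before: one combined condition, so -ENXIO falls through to the md step. */
static enum outcome add_part_before(int err, int raid_flag)
{
    struct part *part = add_partition_stub(err);
    if (IS_ERR(part) && PTR_ERR(part) != -ENXIO)
        return NO_MD_CALL;                  /* general error reported */
    return raid_flag ? md_autodetect_model(part) : NO_MD_CALL;
}

/* After: the condition is split; every error pointer returns before the md step. */
static enum outcome add_part_after(int err, int raid_flag)
{
    struct part *part = add_partition_stub(err);
    if (IS_ERR(part)) {
        if (PTR_ERR(part) != -ENXIO) { /* general error: reported here */ }
        return NO_MD_CALL;
    }
    return raid_flag ? md_autodetect_model(part) : NO_MD_CALL;
}

int main(void) { return add_part_after(-ENXIO, 1) == NO_MD_CALL ? 0 : 1; }
```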
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu