CVE-2024-48881

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74

Description: A vulnerability in the Linux kernel has been resolved. The issue is related to a NULL pointer dereference in the cache set flush() function. This occurs when the previous registration code fails before allocating c->root, making it possible for c->root to be NULL. The bch btree node alloc() function never returns NULL, but c->root can be NULL at the line where the check is performed. The patch replaces IS ERR() with IS ERR OR NULL() to fix this issue.

Recommendations: For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the cache set flush() function until a patch is available. Restrict access to the vulnerable bcache module to minimize the risk of exploitation. Avoid using the c->root variable in the affected cache set flush() function until the issue is resolved.