CVE-2022-50506

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drbd: only clone bio if we have a backing device<br /> <br /> Commit c347a787e34cb (drbd: set -&gt;bi_bdev in drbd_req_new) moved a<br /> bio_set_dev call (which has since been removed) to "earlier", from<br /> drbd_request_prepare to drbd_req_new.<br /> <br /> The problem is that this accesses device-&gt;ldev-&gt;backing_bdev, which is<br /> not NULL-checked at this point. When we don&amp;#39;t have an ldev (i.e. when<br /> the DRBD device is diskless), this leads to a null pointer deref.<br /> <br /> So, only allocate the private_bio if we actually have a disk. This is<br /> also a small optimization, since we don&amp;#39;t clone the bio to only to<br /> immediately free it again in the diskless case.