CVE-2025-71135
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
14/01/2026
Last modified:
25/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()<br />
<br />
The variable mddev->private is first assigned to conf and then checked:<br />
<br />
conf = mddev->private;<br />
if (!conf) ...<br />
<br />
If conf is NULL, then mddev->private is also NULL. In this case,<br />
null-pointer dereferences can occur when calling raid5_quiesce():<br />
<br />
raid5_quiesce(mddev, true);<br />
raid5_quiesce(mddev, false);<br />
<br />
since mddev->private is assigned to conf again in raid5_quiesce(), and conf<br />
is dereferenced in several places, for example:<br />
<br />
conf->quiesce = 0;<br />
wake_up(&conf->wait_for_quiescent);<br />
<br />
To fix this issue, the function should unlock mddev and return before<br />
invoking raid5_quiesce() when conf is NULL, following the existing pattern<br />
in raid5_change_consistency_policy().
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.4 (including) | 6.12.64 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13.1 (including) | 6.18.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page