U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-48881 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2 kernel.org Patch 
https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0 kernel.org Patch 
https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715 kernel.org Patch 
https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1 kernel.org Patch 
https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0 kernel.org Patch 
https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667 kernel.org Patch 
https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html CVE
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html CVE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference cwe source acceptance level NIST   CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-48881
NVD Published Date:
01/11/2025
NVD Last Modified:
11/03/2025
Source:
kernel.org