CVE-2024-47705
- Source
- https://cve.org/CVERecord?id=CVE-2024-47705
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47705.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47705
- Downstream
- Related
- Published
- 2024-10-21T11:53:40.071Z
- Modified
- 2026-03-20T12:38:04.958019Z
- Summary
- block: fix potential invalid pointer dereference in blk_add_partition
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
block: fix potential invalid pointer dereference in blkaddpartition
The blkaddpartition() function initially used a single if-condition (ISERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where mdautodetect_dev() could be called without confirming that part is a valid pointer.
This commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of mdautodetectdev() calls.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47705.json" }- References
-
- https://git.kernel.org/stable/c/26e197b7f9240a4ac301dd0ad520c0c697c2ea7d
- https://git.kernel.org/stable/c/4bc4272e2506941c3f3d4fb8b0c659ee814dcf6f
- https://git.kernel.org/stable/c/64cf2a39202ca2d9df5ee70eb310b6141ce2b8ed
- https://git.kernel.org/stable/c/652039ba477c9a4ab43740cf2cb0d068d53508c2
- https://git.kernel.org/stable/c/80f5bfbb80ea1615290dbc24f49d3d8c86db58fe
- https://git.kernel.org/stable/c/afe53ea9b378c376101d99d216f13b6256f75189
- https://git.kernel.org/stable/c/cc4d21d9492db4e534d3e01253cf885c90dd2a8b
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47705.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-47705
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb72053072c0bbe9f1cdfe2ffa3c201c185da2201Fixed4bc4272e2506941c3f3d4fb8b0c659ee814dcf6fFixedcc4d21d9492db4e534d3e01253cf885c90dd2a8bFixed64cf2a39202ca2d9df5ee70eb310b6141ce2b8edFixed80f5bfbb80ea1615290dbc24f49d3d8c86db58feFixed652039ba477c9a4ab43740cf2cb0d068d53508c2Fixedafe53ea9b378c376101d99d216f13b6256f75189Fixed26e197b7f9240a4ac301dd0ad520c0c697c2ea7d