DRBD Vulnerability in Linux Kernel by Linux Foundation
CVE-2022-50506
What is CVE-2022-50506?
A vulnerability in the DRBD implementation of the Linux kernel allows a null pointer dereference when the code attempts to allocate a 'bio' structure without a valid backing device. It arises during the processing of diskless DRBD devices and leads to potential stability issues. A recent commit inadvertently changed the order of operations around the device checks, which introduced the flaw. The fix reorders the allocation so that the structure is created only when a valid disk is present, mitigating the risk of null pointer dereferences.
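The ordering problem described above, as an added user-space model that is not the kernel's DRBD code: every type and function name here (`device`, `clone_bio`, `prepare_flawed`, `prepare_fixed`) is a hypothetical stand-in, and the only assumption is that cloning the bio dereferences the backing device.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical user-space stand-ins; these are not the kernel's types. */
struct backing_dev { int id; };
struct device  { struct backing_dev *ldev; };   /* NULL when diskless */
struct bio     { int bdev_id; };
struct request { struct bio *private_bio; };

enum { REQ_LOCAL = 0, REQ_DISKLESS = 1, REQ_NOMEM = -1 };

/* Cloning needs the backing device: it dereferences bdev unconditionally. */
static struct bio *clone_bio(const struct backing_dev *bdev)
{
    struct bio *b = malloc(sizeof(*b));
    if (b)
        b->bdev_id = bdev->id;
    return b;
}

/* Flawed order: clone first, check for a disk afterwards.
 * With dev->ldev == NULL the clone dereferences NULL. */
int prepare_flawed(struct device *dev, struct request *req)
{
    req->private_bio = clone_bio(dev->ldev);
    if (!dev->ldev)
        return REQ_DISKLESS;
    return req->private_bio ? REQ_LOCAL : REQ_NOMEM;
}

/* Corrected order: check for a disk, clone only if one is present. */
int prepare_fixed(struct device *dev, struct request *req)
{
    req->private_bio = NULL;
    if (!dev->ldev)
        return REQ_DISKLESS;          /* no local bio is ever created */
    req->private_bio = clone_bio(dev->ldev);
    return req->private_bio ? REQ_LOCAL : REQ_NOMEM;
}

int main(void)
{
    struct device diskless = { NULL };
    struct request req;
    /* prepare_flawed(&diskless, &req) would crash at this point. */
    return prepare_fixed(&diskless, &req) == REQ_DISKLESS ? 0 : 1;
}
```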
Affected Version(s)
Linux c347a787e34cba0e5a80a04082dacaf259105605 < 05580a3bbf3cec677cb00a85dfeb21d6a9b48eaf
Linux c347a787e34cba0e5a80a04082dacaf259105605 < 6d42ddf7f27b6723549ee6d4c8b1b418b59bf6b5
Linux 5.18