Description

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ... If conf is NULL, then mddev->private is also NULL. In this case, null-pointer dereferences can occur when calling raid5_quiesce(): raid5_quiesce(mddev, true); raid5_quiesce(mddev, false); since mddev->private is assigned to conf again in raid5_quiesce(), and conf is dereferenced in several places, for example: conf->quiesce = 0; wake_up(&conf->wait_for_quiescent); To fix this issue, the function should unlock mddev and return before invoking raid5_quiesce() when conf is NULL, following the existing pattern in raid5_change_consistency_policy().

INFO

Published Date :

2026-01-14T15:07:49.891Z

Last Modified :

2026-01-14T15:07:49.891Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-71135 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71135.

URL Resource
https://git.kernel.org/stable/c/20597b7229aea8b5bc45cd92097640257c7fc33b cve-icon cve-icon
https://git.kernel.org/stable/c/7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9 cve-icon cve-icon
https://git.kernel.org/stable/c/e5abb6af905de6b2fead8a0b3f32ab0b81468a01 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011453-CVE-2025-71135-9522@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71135 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71135 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact