CVE-2024-26632: block: Fix iterating over an empty bio with bio_for_each_folio_all

Description

In the Linux kernel, the following vulnerability has been resolved:

block: Fix iterating over an empty bio with bio_for_each_folio_all

If the bio contains no data, bio_first_folio() calls page_folio() on a
NULL pointer and oopses. Move the test that we've reached the end of
the bio from bio_next_folio() to bio_first_folio().

[axboe: add unlikely() to error case]

Classification

CVE ID: CVE-2024-26632

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/c6350b5cb78e9024c49eaee6fdb914ad2903a5fe
https://git.kernel.org/stable/c/a6bd8182137a12d22d3f2cee463271bdcb491659
https://git.kernel.org/stable/c/ca3ede3f5893e2d26d4dbdef1eec28a8487fafde
https://git.kernel.org/stable/c/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7

Timeline

2024-12-20 00:33:11 UTC
CVE

block: Fix iterating over an empty bio with bio_for_each_folio_all