Medium severity5.5NVD Advisory· Published Oct 21, 2024· Updated May 12, 2026

CVE-2024-47705

Description

In the Linux kernel, the following vulnerability has been resolved:

block: fix potential invalid pointer dereference in blk_add_partition

The blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer.

This commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.

Affected products

Linux/Linuxv5
Range: 5.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

5.5/ 10

Attack vector: Local
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Probability of exploitation in the next 30 days.

0.01%

VYPR risk score

Composite of severity, exploitation, and reach.

0.36medium

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-476
NULL Pointer Dereference

CVE ID

CVE-2024-47705