A NULL pointer dereference problem was found in ida_free in the lib/idr.c file: when it calls the xas_load function and that returns a null value, NULL is assigned to the bitmap variable. Therefore, `if (xa_is_value(bitmap))` will fail and jump to the `else` branch. However, in the `else` branch, the statement `if (!test_bit(bit, bitmap->bitmap))` references a member of bitmap, which triggers a NULL pointer dereference vulnerability. Reference: https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a
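The control flow described above, as an added userspace C model that is not kernel code and not part of the original report. `model_bitmap`, `free_unpatched` and `free_guarded` are hypothetical names, and the NULL guard shown is one way to reject an empty slot before the member access.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model; these names are hypothetical stand-ins, not kernel code. */
struct model_bitmap { unsigned long bitmap; };

/* Like xa_is_value(): a set low pointer bit marks an inline value entry. */
static int model_is_value(const void *e) { return ((uintptr_t)e & 1) != 0; }

/* Shared tail: clear `bit` in a real bitmap, or report that it was not set. */
static int clear_bit_in(struct model_bitmap *bm, unsigned bit)
{
    if (!(bm->bitmap & (1UL << bit)))    /* the member access from the report */
        return -1;
    bm->bitmap &= ~(1UL << bit);
    return 0;
}

/* Unpatched shape: NULL is not a value entry, so it falls into the else branch. */
static int free_unpatched(void *entry, unsigned bit)
{
    if (model_is_value(entry))
        return -2;                        /* value-entry path, not modelled here */
    else
        return clear_bit_in(entry, bit);  /* entry == NULL would fault in here */
}

/* Guarded shape: an empty slot is rejected before any member access. */
static int free_guarded(void *entry, unsigned bit)
{
    if (model_is_value(entry))
        return -2;
    if (!entry)
        return -1;                        /* this ID was never allocated */
    return clear_bit_in(entry, bit);
}

int main(void)
{
    struct model_bitmap bm = { .bitmap = 1UL << 3 };  /* constructed: only ID 3 set */
    printf("guarded, empty slot:    %d\n", free_guarded(NULL, 3));
    printf("unpatched, bit 3 set:   %d\n", free_unpatched(&bm, 3));
    printf("guarded, bit 3 cleared: %d\n", free_guarded(&bm, 3));
    /* free_unpatched(NULL, 3) is deliberately not called: it would dereference NULL. */
    return 0;
}
```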
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2258419]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3138 https://access.redhat.com/errata/RHSA-2024:3138