Linux Kernel NULL Pointer Dereference Vulnerability in Watch Queue Error Cleanup

Vulnerability

A vulnerability in the Linux kernel's watch queue error cleanup process can lead to a NULL pointer dereference. In the function watch_queue_set_size(), the error handling code fails to consider that the __free_page() function cannot process a NULL pointer when freeing buffer pages. This oversight can cause a NULL pointer dereference, as reported by the Kernel Address Sanitizer (KASAN). The issue arises in the error cleanup phase when allocated pages are being freed, creating a potential vulnerability.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected kernel process.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in Watch Queue Error Cleanup

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating