Primary

Context

Linux Kernel NBD Module Null Pointer Dereference Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's Network Block Device (NBD) module. This issue arises during the module's cleanup process, where the netlink command handling may not synchronize properly with module removal. As a result, this can lead to a null pointer dereference, causing a kernel oops error. The vulnerability was observed in Linux kernel version 5.14.0-rc4.

Impact

Exploitation of this vulnerability leads to a kernel null pointer dereference, causing a kernel oops error, which can disrupt system operations and potentially be exploited to execute arbitrary code in the kernel context.

Reproduction

The vulnerability can be reproduced by loading the NBD kernel module and then rapidly unloading it while a netlink command is being processed. This can create a race condition that the vulnerability exploits, leading to a null pointer dereference.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.9

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.9

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NBD Module Null Pointer Dereference Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating