Linux Kernel NULL Pointer Dereference Vulnerability in SCSI Subsystem

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's SCSI subsystem, specifically within the 'sd' driver. This issue arises when the 'sd_probe()' function encounters an early error before the 'sdkp->device' is fully initialized. In such cases, the 'sd_zbc_release_disk()' function is called, leading to a NULL pointer dereference when 'sd_is_zoned()' is invoked. The vulnerability has been addressed by removing the problematic call to 'sd_zbc_release_disk()' in the error handling path of 'sd_probe()'. This modification is safe and prevents any memory leakage of zone information, as the zone data for a zoned disk is only allocated when 'sd_revalidate_disk()' is called, ensuring that 'sdkp->disk_dev' is properly set and allowing for the necessary cleanup of disk zone information.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash of the affected component.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in SCSI Subsystem

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating