Linux Kernel NULL Pointer Dereference Vulnerability in IOMMU Mediatek Component

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's IOMMU Mediatek component. This issue arises when the 'larbdev' is NULL, leading to a failure in the 'device_link_add()' function and causing a kernel crash. The vulnerability can be triggered by incorrect device tree settings, which allow the probe to proceed despite missing necessary device links. The error log indicates a kernel crash due to an unhandled NULL pointer dereference, highlighting the vulnerability's impact.

Impact

Exploitation of this vulnerability leads to a kernel crash caused by an unhandled NULL pointer dereference, disrupting system operations and potentially causing a denial of service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in IOMMU Mediatek Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating