Linux Kernel NULL Pointer Dereference Vulnerability in NVMe PCI Component

Vulnerability

A vulnerability in the Linux kernel's NVMe PCI component can lead to a NULL pointer dereference. This issue arises in the 'nvme_alloc_admin_tags' function, where the 'admin_q' variable may be set to an error state (typically due to insufficient memory) if the 'blk_mq_init_queue' call fails. When this error is propagated up the stack, it can trigger the 'nvme_remove_dead_ctrl' function, which checks only if the 'admin_q' is non-NULL. This oversight allows the function to attempt to quiesce a queue that doesn't exist, resulting in a bad or NULL pointer dereference.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash or undefined behavior in the kernel.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in NVMe PCI Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating