Linux Kernel ibmvfc NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ibmvfc SCSI driver. This issue arises because the vhost adapter back pointer is not set until after the subcrq interrupt registration. The vulnerability can lead to a kernel crash by dereferencing a garbage pointer, especially during kexec/kdump operations on Power 9 systems with the legacy XICS interrupt controller. The problem occurs when a pending subcrq interrupt from the previous kernel is immediately replayed upon IRQ registration, causing a crash by accessing an invalid memory area.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, where the kernel attempts to read from an invalid memory address, leading to a segmentation fault.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ibmvfc NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating