Linux Kernel NULL Pointer Dereference Vulnerability in libata-core

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's libata-core component. The issue arises in the ata_host_alloc_pinfo() function, where the 'ppi' parameter may incorrectly point to an array beginning with a NULL pointer. This can lead to a kernel oops, as the 'pi' local variable fails to update from its initial NULL value. The vulnerability has been addressed by modifying the initialization of 'pi' to reference ata_dummy_port_info', effectively preventing the potential kernel oops.

Impact

Exploitation of this vulnerability can lead to a kernel oops, causing a disruption in kernel operations and potentially leading to a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in libata-core

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating