Linux Kernel NULL Pointer Dereference Vulnerability in libata-transport

Vulnerability

A vulnerability in the Linux kernel's libata-transport component can lead to a NULL pointer dereference. This issue arises in the ata_tport_add() function, where a double call to ata_host_put() improperly manages reference counts. The error path decreases the reference count to zero, freeing all associated ports and setting them to null. When the device is unbound after a failure, ata_host_stop() attempts to release resources, resulting in a dereference of a null pointer since all ports have been freed. This vulnerability has been addressed by removing the redundant ata_host_put() call in the error handling path.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in libata-transport

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating