Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's tracing subsystem can lead to a NULL pointer dereference. This issue arises because the ring buffer only allocates per-CPU buffers for online CPUs, despite the CPU array potentially listing more CPUs than actually exist. When the ring_buffer_wake_waiters() function is called, it must ensure that the CPU buffer is allocated before attempting to wake waiters, as failing to do so can cause a NULL pointer dereference. The vulnerability has been addressed by adding checks to verify that the buffer is allocated and that the CPU number is valid.
Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the affected system.
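The two checks described above, shown as an added user-space model in C; this is not kernel source or the actual patch. All names (`NR_CPU_IDS`, `buffer_init`, `wake_waiters_unchecked`, `wake_waiters_checked`, `demo_wake`) and the online-CPU mask are constructed for illustration.

```c
#include <stdio.h>

#define NR_CPU_IDS 4   /* constructed: number of slots in the CPU array */

struct cpu_buffer { int wakeups; };
struct trace_buffer { struct cpu_buffer *buffers[NR_CPU_IDS]; };

/* Model of allocation: only online CPUs get a buffer; other slots stay NULL. */
void buffer_init(struct trace_buffer *b, struct cpu_buffer *pool, const int *online)
{
    for (int cpu = 0; cpu < NR_CPU_IDS; cpu++)
        b->buffers[cpu] = online[cpu] ? &pool[cpu] : NULL;
}

/* Flawed pattern: uses the slot without checking it (never called here). */
void wake_waiters_unchecked(struct trace_buffer *b, int cpu)
{
    b->buffers[cpu]->wakeups++;
}

/* Checked pattern: returns 0 after waking, -1 when the request is rejected. */
int wake_waiters_checked(struct trace_buffer *b, int cpu)
{
    if (!b || cpu < 0 || cpu >= NR_CPU_IDS)
        return -1;   /* CPU number is not a valid index */
    if (!b->buffers[cpu])
        return -1;   /* per-CPU buffer was never allocated */
    b->buffers[cpu]->wakeups++;
    return 0;
}

/* Constructed scenario: CPUs 0 and 1 online, 2 and 3 listed but offline. */
int demo_wake(int cpu)
{
    const int online[NR_CPU_IDS] = { 1, 1, 0, 0 };
    struct cpu_buffer pool[NR_CPU_IDS] = { { 0 } };
    struct trace_buffer b;
    buffer_init(&b, pool, online);
    return wake_waiters_checked(&b, cpu);
}

int main(void)
{
    for (int cpu = -1; cpu <= NR_CPU_IDS; cpu++)
        printf("cpu %2d -> %d\n", cpu, demo_wake(cpu));
    return 0;
}
```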