Linux Kernel IPv6 Module Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's handling of IPv6 neighbor tables. The issue occurs in the 'neigh_table_clear()' function when the IPv6 module starts to initialize but encounters an error. The 'ndisc_cleanup()' function, part of the IPv6 initialization process, calls 'neigh_table_clear()' without properly checking whether the associated device is valid. As a result, the cleanup process attempts to purge the proxy queue of a non-existent device and dereferences a null pointer, which triggers a kernel panic: a fatal exception that halts the system.
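The failure pattern described above, reduced to a user-space C model as an added example (not kernel source and not the upstream fix): a purge routine that reads its device argument unconditionally, next to a form that treats NULL as "no device". All `model_*` names, `drop_matching` and the struct layout are hypothetical.

```c
#include <stdlib.h>
/* Simplified user-space model; every name below is hypothetical. */
struct model_dev { int pending; int purge_runs; };
struct model_pkt { struct model_dev *dev; struct model_pkt *next; };
struct model_table { struct model_pkt *proxy_queue; };

/* Queue one proxy entry for dev. Returns 0, or -1 if allocation fails. */
int model_enqueue(struct model_table *t, struct model_dev *dev) {
    struct model_pkt *p = malloc(sizeof(*p));
    if (p == NULL)
        return -1;
    p->dev = dev;
    p->next = t->proxy_queue;
    t->proxy_queue = p;
    dev->pending++;
    return 0;
}

/* Free entries queued for dev; dev == NULL means "every device". */
static int drop_matching(struct model_table *t, const struct model_dev *dev) {
    int freed = 0;
    struct model_pkt **pp = &t->proxy_queue;
    while (*pp != NULL) {
        struct model_pkt *p = *pp;
        if (dev != NULL && p->dev != dev) {
            pp = &p->next;          /* belongs to another device: keep */
            continue;
        }
        *pp = p->next;
        p->dev->pending--;
        free(p);
        freed++;
    }
    return freed;
}

/* Flawed shape: touches per-device state without checking dev, so the
 * table-wide cleanup call (dev == NULL) dereferences a null pointer. */
int model_purge_unchecked(struct model_table *t, struct model_dev *dev) {
    dev->purge_runs++;              /* faults when dev == NULL */
    return drop_matching(t, dev);
}

/* Hardened shape: NULL is a valid "no device" argument and is never read. */
int model_purge_checked(struct model_table *t, struct model_dev *dev) {
    if (dev != NULL)
        dev->purge_runs++;
    return drop_matching(t, dev);
}
```

Calling `model_purge_unchecked(&table, NULL)` is the model's equivalent of the failed-initialization cleanup path and crashes the process; `model_purge_checked` handles the same call and empties the queue.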

Impact

Exploitation of this vulnerability causes a kernel panic, abruptly terminating the system's operation and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading the IPv6 module in a Linux kernel environment such as a QEMU virtual machine. If the module initialization fails, the 'ndisc_cleanup()' function is triggered, which improperly cleans up the neighbor table: it calls 'neigh_table_clear()' with a null device reference, causing the null pointer dereference and the resulting kernel panic.

Remediation

The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.