Linux Kernel NULL Pointer Dereference Vulnerability in sk_msg_recvmsg Function

Vulnerability

A vulnerability in the Linux kernel's socket message handling can lead to a NULL pointer dereference. This issue arises in the sk_msg_recvmsg function, particularly when sockmap redirection is used without stream parsing or verdicts. The vulnerability was introduced by a commit that changed how the end of the scatterlist is checked, failing to properly mark the end in certain cases. As a result, the function could incorrectly process socket messages, leading to a crash.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, which can lead to a system crash or undefined behavior.

Added: Jun 18, 2025, 9:24 PM

Updated: Jun 18, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in sk_msg_recvmsg Function

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating