Primary

Context

Linux Kernel NULL Pointer Dereference Vulnerability in mv88e6060 DSA Switch Driver

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's mv88e6060 DSA switch driver. This issue occurs in versions of the Linux kernel where the mv88e6060 switch driver is used. The vulnerability arises when a port is neither a CPU port nor a user port, leading to a NULL pointer in the 'cpu_dp' variable. This NULL pointer dereference can cause a kernel crash.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by configuring a DSA switch with an unused port that is neither a CPU port nor a user port. When the switch driver attempts to set up the port, it will dereference the NULL pointer, causing a kernel crash.

Added: Jun 18, 2025, 7:05 PM

Updated: Jun 18, 2025, 7:05 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in mv88e6060 DSA Switch Driver

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating