Linux Kernel NULL Pointer Dereference Vulnerability in Event Probes Handling

Vulnerability

A NULL pointer dereference has been identified in the Linux kernel's event probe handling. Event probes do not use the standard register state, but retrieving the instruction pointer was still possible in that context, which was not intended. The vulnerability was discovered in Linux kernel version 5.19.0-rc5-test+.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations.

Reproduction

The vulnerability can be reproduced by using the 'trace-cmd' tool to manipulate event probes. Attempting to access the instruction pointer within this context will trigger a NULL pointer dereference, causing a kernel crash.

Remediation

Users should update to the latest stable version of the Linux kernel where this vulnerability has been addressed.

Added: Jun 18, 2025, 6:04 PM
Updated: Jun 18, 2025, 6:04 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.