Linux Kernel NULL Pointer Dereference Vulnerability in sk_stream_wait_memory

A NULL pointer dereference vulnerability has been identified in the Linux kernel's networking component. This issue arises in the sk_stream_wait_memory function, where the socket's wait queue is accessed without checking if the socket is closed. The vulnerability affects the Linux kernel stable tree and can be exploited when a socket is prematurely closed while another thread is waiting for memory to send data, leading to a crash.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, which can lead to a system crash.

Reproduction

The vulnerability can be reproduced by creating a scenario where one thread sends a message using the TCP BPF (Berkeley Packet Filter) and another thread closes the associated socket. This sequence can be managed by directing the first thread to wait for memory while the second thread closes the socket, causing the wait queue to be accessed after it has been cleared, resulting in a NULL pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the patched version are available on the official Linux kernel website.