Linux Kernel SCSI iSCSI TCP NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's SCSI iSCSI TCP implementation. This issue arises when the socket is freed while it is being accessed through sysfs, leading to a crash. The vulnerability occurs in several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by creating an iSCSI connection over TCP, then simultaneously freeing the associated socket while accessing it via the sysfs interface. This can be done by manipulating the connection's lifecycle in a way that triggers the race condition, such as stopping and destroying the connection from userspace while the system is still processing socket operations.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.
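
The lifetime rule that closes this kind of race, shown as an added userspace C model that is not the kernel's code or its actual patch: the attribute reader pins the socket under a lock, and teardown unpublishes the pointer before dropping its own reference. All struct and function names and the peer address are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name is hypothetical, not a kernel symbol. */
struct model_sock { int refs; char peer[32]; };
struct model_conn { pthread_mutex_t lock; struct model_sock *sock; };
static void sock_put(struct model_conn *c, struct model_sock *s) {
    pthread_mutex_lock(&c->lock);
    int last = (--s->refs == 0);        /* refs is guarded by c->lock */
    pthread_mutex_unlock(&c->lock);
    if (last) free(s);                  /* the last holder frees the object */
}
int conn_bind_sock(struct model_conn *c, const char *peer) {
    struct model_sock *s = calloc(1, sizeof(*s));
    if (!s) return -ENOMEM;
    s->refs = 1;                        /* reference owned by the connection */
    snprintf(s->peer, sizeof(s->peer), "%s", peer);
    pthread_mutex_lock(&c->lock);
    c->sock = s;                        /* publish */
    pthread_mutex_unlock(&c->lock);
    return 0;
}
int conn_get_peer(struct model_conn *c, char *buf, size_t len) {
    pthread_mutex_lock(&c->lock);
    struct model_sock *s = c->sock;
    if (s) s->refs++;                   /* pin so teardown cannot free it */
    pthread_mutex_unlock(&c->lock);
    if (!s) return -ENOTCONN;           /* unsafe form skips lock and this check */
    snprintf(buf, len, "%s", s->peer);  /* use the pinned socket outside the lock */
    sock_put(c, s);
    return 0;
}
void conn_release_sock(struct model_conn *c) {
    pthread_mutex_lock(&c->lock);
    struct model_sock *s = c->sock;
    c->sock = NULL;                     /* unpublish before dropping the ref */
    pthread_mutex_unlock(&c->lock);
    if (s) sock_put(c, s);
}
int main(void) {
    struct model_conn c = { PTHREAD_MUTEX_INITIALIZER, NULL };
    char buf[32];
    if (conn_bind_sock(&c, "192.0.2.10:3260")) return 1;  /* constructed address */
    printf("bound: rc=%d\n", conn_get_peer(&c, buf, sizeof(buf)));
    conn_release_sock(&c);
    printf("released: rc=%d\n", conn_get_peer(&c, buf, sizeof(buf)));
    return 0;
}
```

A reader that arrives after teardown gets an error code instead of dereferencing a cleared pointer, and a reader that arrived first keeps the object alive until it finishes.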

Added: Oct 1, 2025, 3:08 PM
Updated: Oct 1, 2025, 3:08 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.