Linux Kernel Null Pointer Dereference Vulnerability in Block-MQ Component

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's block-mq component. The function blk_mq_alloc_map_and_rqs() can fail under out-of-memory conditions, leaving a tags pointer unset. When blk_mq_clear_rq_mapping() is subsequently called, it dereferences this NULL pointer and the kernel crashes. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a kernel crash.

Reproduction

The vulnerability can be reproduced by triggering an out-of-memory condition that causes blk_mq_alloc_map_and_rqs() to fail. This leaves the tags pointer for the affected hardware context index (hctx_idx) unset (NULL). When blk_mq_clear_rq_mapping() is then called, it dereferences the NULL pointer, leading to a crash.
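
The failure path described above, as a simplified user-space C model. This is an added example, not kernel code and not the upstream fix; the struct layout, function names and the fail_idx fault-injection parameter are assumptions. It shows the cleanup routine checking the per-index tags pointer before touching it.

```c
#include <stdlib.h>
#include <string.h>
#define NR_HW_QUEUES 4                    /* constructed sample size */

struct tag_map {                          /* hypothetical stand-in for a tag map */
    unsigned int depth;
    void **rqs;                           /* request slots that cleanup resets */
};
struct tag_set {
    struct tag_map *tags[NR_HW_QUEUES];   /* NULL where allocation failed */
};

/* Allocation that can fail; fail_idx (assumption) injects the OOM failure. */
static struct tag_map *alloc_map_and_rqs(unsigned int idx, unsigned int depth, int fail_idx)
{
    struct tag_map *m;
    if ((int)idx == fail_idx || !(m = calloc(1, sizeof(*m))))
        return NULL;
    m->rqs = calloc(depth, sizeof(*m->rqs));
    if (!m->rqs) { free(m); return NULL; }
    m->depth = depth;
    return m;
}

/* Cleanup: returns 0 when slots were cleared, -1 when the index has no tags. */
static int clear_rq_mapping(struct tag_set *set, unsigned int idx)
{
    struct tag_map *m = idx < NR_HW_QUEUES ? set->tags[idx] : NULL;
    if (!m)              /* without this check, m->rqs is the NULL dereference */
        return -1;
    memset(m->rqs, 0, m->depth * sizeof(*m->rqs));
    return 0;
}

/* Allocate every index with one injected failure, clear all, count skips. */
int run_model(int fail_idx)
{
    struct tag_set set = {0};
    int skipped = 0;
    for (unsigned int i = 0; i < NR_HW_QUEUES; i++)
        set.tags[i] = alloc_map_and_rqs(i, 8, fail_idx);
    for (unsigned int i = 0; i < NR_HW_QUEUES; i++)
        skipped += clear_rq_mapping(&set, i) != 0;
    for (unsigned int i = 0; i < NR_HW_QUEUES; i++)
        if (set.tags[i]) { free(set.tags[i]->rqs); free(set.tags[i]); }
    return skipped;
}

int main(void) { return run_model(2) == 1 ? 0 : 1; }
```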

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 7, 2025, 6:27 PM
Updated: Oct 7, 2025, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.