Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A null pointer dereference vulnerability has been identified in the Linux kernel's ethtool component, specifically within the EEPROM handling. This issue arises in the 'dump' operation, where the generic netlink information can be null, leading to a dereference error. The vulnerability is present in several versions of the Linux kernel.
Exploitation of this vulnerability leads to a null pointer dereference, causing a crash of the affected process or service.
The vulnerability can be reproduced by using the ethtool command to dump EEPROM data from a network driver that supports this feature. The command will trigger the 'dump' operation, where the lack of proper null checks on the generic netlink information can lead to a crash.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux stable tree.
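The missing null check described above, modelled in userspace C as an added example; this is not kernel code or the upstream fix. All type and function names are hypothetical, and the assumption that the single-request path always carries info belongs to this model.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace stand-ins for kernel types; not kernel code. */
struct ext_ack { const char *msg; };          /* error-report channel */
struct nl_info { struct ext_ack *extack; };   /* per-request netlink info */
#define ERR_BAD_PAGE (-22)                    /* constructed error value */

/* Constructed driver hook: reports failures through extack if one exists. */
static int read_eeprom_page(int page, struct ext_ack *extack)
{
    if (page >= 0 && page <= 3)
        return 0;
    if (extack)
        extack->msg = "page out of range";
    return ERR_BAD_PAGE;
}

/* Unchecked pattern: dereferences info unconditionally, so a caller
 * that passes NULL (the dump path below) would fault here. */
int prepare_data_unchecked(int page, const struct nl_info *info)
{
    return read_eeprom_page(page, info->extack);
}

/* Checked pattern: a missing info just means there is no extack to fill. */
int prepare_data_checked(int page, const struct nl_info *info)
{
    return read_eeprom_page(page, info ? info->extack : NULL);
}

/* Single-request path: info is always populated (assumption of this model). */
int do_request(int page, struct ext_ack *ack)
{
    struct nl_info info = { .extack = ack };
    return prepare_data_checked(page, &info);
}

/* Dump path: no per-request info is available, as the description states. */
int dump_request(int page)
{
    return prepare_data_checked(page, NULL);
}

int main(void)
{
    printf("dump: %d\n", dump_request(9));
    return 0;
}
```

With the checked helper the dump path still returns the driver's error code; it only loses the extended error message.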