Linux Kernel NULL Pointer Dereference Vulnerability in dm Stats Component

Vulnerability

A vulnerability in the Linux kernel's dm stats component can lead to a NULL pointer dereference. This issue arises because the component does not properly check the return value of the alloc_percpu function. If alloc_percpu fails, dm_stats_init should return an error, but the current implementation allows a NULL pointer dereference to occur during dm_stats_cleanup, even when dm-stats is not actively in use.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the kernel or the affected process.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in dm Stats Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating