Linux Kernel XDP Socket NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of XDP sockets can lead to a NULL pointer dereference. The issue occurs in versions of the kernel prior to 6.2.0, specifically in the stable branch. It is triggered through the sendmsg() or poll() system calls, both of which invoke a common function, xsk_xmit(). The sanity checks in this function are not properly enforced, so a sendmsg() call can bypass the check for whether the network interface is up. As a result, a NULL pointer dereference occurs, causing a kernel crash.
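The check-ordering problem described above, as a simplified user-space model (an added example, not kernel code and not taken from the kernel source). Every name prefixed with model_ is hypothetical, and both the pre-transmit step that touches per-interface state and the "after" ordering are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

#define MODEL_IFF_UP      0x1     /* stand-in for the kernel's IFF_UP flag */
#define MODEL_WOULD_CRASH (-1000) /* marks where the kernel would dereference NULL */

struct model_dev  { unsigned flags; int *tx_state; /* NULL while interface is down */ };
struct model_sock { struct model_dev *dev; };

/* Shared transmit function: the interface-up sanity check lives only here. */
static int model_xsk_xmit(struct model_sock *xs)
{
    if (!(xs->dev->flags & MODEL_IFF_UP))
        return -ENETDOWN;
    return 0;
}

/* Assumed pre-transmit work that needs state existing only when the device is up. */
static int model_touch_tx_state(struct model_sock *xs)
{
    if (xs->dev->tx_state == NULL)
        return MODEL_WOULD_CRASH; /* the real kernel would oops at this point */
    return *xs->dev->tx_state;
}

/* Before: the send path does work ahead of the check inside the shared function. */
int model_sendmsg_before(struct model_sock *xs)
{
    int rc = model_touch_tx_state(xs);
    return rc == MODEL_WOULD_CRASH ? rc : model_xsk_xmit(xs);
}

/* After: the interface-up check runs first, on the entry path itself. */
int model_sendmsg_after(struct model_sock *xs)
{
    if (!(xs->dev->flags & MODEL_IFF_UP))
        return -ENETDOWN;
    int rc = model_touch_tx_state(xs);
    return rc == MODEL_WOULD_CRASH ? rc : model_xsk_xmit(xs);
}

/* Constructed scenario: run one path against an interface that is up or down. */
int model_run(int iface_up, int fixed)
{
    int state = 0;
    struct model_dev dev = { iface_up ? MODEL_IFF_UP : 0, iface_up ? &state : NULL };
    struct model_sock xs = { &dev };
    return fixed ? model_sendmsg_after(&xs) : model_sendmsg_before(&xs);
}
```

With the interface down, the "before" path reaches the crash marker while the "after" path returns -ENETDOWN; with the interface up, both paths return 0.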

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially causing a denial of service.

Reproduction

To reproduce this vulnerability, use an XDP socket and issue a sendmsg() or poll() system call. The call will be processed by the xsk_xmit() function, which will incorrectly assume the network interface is up, leading to a NULL pointer dereference and a kernel crash.

Remediation

Users can upgrade to Linux kernel version 6.2.0 or later, where this vulnerability has been fixed.

Added: Sep 15, 2025, 4:23 PM
Updated: Sep 15, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.