Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Polled I/O NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's block I/O polling mechanism can lead to a NULL pointer dereference, causing a crash. This issue occurs in version 5.12.0-0_fbk12_clang_7346_g1bb6f2e7058f. The problem arises when two tasks share a poll queue and one task completes I/O for the other, allowing a reused I/O request to be processed before the original task has finished, leading to a NULL reference.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by creating two tasks that perform polled I/O operations on the same poll queue. When one task completes its I/O and returns the request to the cache, it can be reallocated and processed by the other task before it has finished polling, causing a NULL pointer dereference.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.

Added: Sep 17, 2025, 3:29 PM
Updated: Sep 17, 2025, 3:29 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.5
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.