Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Linux kernel's memory control group (memcg) management. The issue is in the 'obj_stock_flush_required' function, where the 'cached_objcg' pointer can be reset between the check and the dereference. This is a data race: the check and the dereference each read the pointer, and the second read can see NULL. The vulnerability was reported by the Kernel Concurrency Sanitizer (KCSAN) and is present in the Linux kernel stable tree.
Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.
The vulnerability can be reproduced by using the 'syz-executor' tool, which is part of the syzkaller fuzzer. This tool can be used to generate and execute random system calls, triggering the race condition in the 'obj_stock_flush_required' function.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version available in the Linux kernel stable tree.
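The check-then-dereference window described above, modeled in userspace C as an added example; it is not kernel code and not the actual patch, which this page does not show. The struct and function names, the concurrent_step hook and the -1 return code are assumptions made for illustration, and the object stays allocated throughout, so only the NULL reset is modeled.

```c
/* Userspace model of the race (constructed for illustration, not kernel code). */
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

struct objcg_model { int memcg_id; };            /* stand-in for struct obj_cgroup */
struct stock_model { _Atomic(struct objcg_model *) cached_objcg; };

/* Hypothetical hook: models another CPU running between two reads of the pointer. */
static void (*concurrent_step)(struct stock_model *);

/* The reset the advisory describes: the cached pointer becomes NULL. */
static void drain_stock(struct stock_model *s) { atomic_store(&s->cached_objcg, NULL); }

/* Racy shape: the pointer is read once for the check and again for the use.
 * Returns 1/0 for "flush required", -1 where the kernel would dereference NULL. */
static int flush_required_racy(struct stock_model *s, int root_id)
{
    if (atomic_load(&s->cached_objcg)) {                        /* read 1: check */
        if (concurrent_step) concurrent_step(s);
        struct objcg_model *o = atomic_load(&s->cached_objcg);  /* read 2: use */
        if (!o) return -1;
        return o->memcg_id == root_id;
    }
    return 0;
}

/* Hardened shape: one read into a local, then check and use only the local. */
static int flush_required_snapshot(struct stock_model *s, int root_id)
{
    struct objcg_model *o = atomic_load(&s->cached_objcg);      /* single read */
    if (concurrent_step) concurrent_step(s);
    return o ? o->memcg_id == root_id : 0;
}

/* Runs one variant with the reset forced into the window; returns its result. */
static int demo(int use_snapshot)
{
    static struct objcg_model objcg = { .memcg_id = 7 };        /* constructed sample */
    struct stock_model s;
    atomic_init(&s.cached_objcg, &objcg);
    concurrent_step = drain_stock;
    return use_snapshot ? flush_required_snapshot(&s, 7) : flush_required_racy(&s, 7);
}

int main(void) { printf("racy=%d snapshot=%d\n", demo(0), demo(1)); return 0; }
```

In kernel code the single read is normally written with READ_ONCE(), and the object's lifetime has to be guaranteed separately from the NULL check.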