Linux Kernel RCU NULL-Pointer Dereference Vulnerability in Preemptible RCU

Vulnerability

A vulnerability in the Linux kernel's handling of the RCU (Read-Copy-Update) mechanism can lead to a NULL-pointer dereference. This issue affects kernels built with CONFIG_PREEMPT_RCU enabled. The vulnerability arises when one CPU (CPU1) updates a task's expiration pointer in the RCU node structure without holding the necessary locks, so that another CPU (CPU2) can read a stale value of that pointer. If CPU1 has set the pointer to NULL, CPU2 may dereference it and crash the kernel.
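As an added illustration, not code from the advisory or from the kernel, the following C program models the pattern described above with a hypothetical, much-simplified rcu_node stand-in (the names rcu_node_sim, exp_tasks and the helper functions are all assumed): the unlocked check-then-dereference that can fault sits beside the locked single-snapshot read that cannot, and the locked reader is then run against a concurrent NULL update.

```c
#include <pthread.h>
#include <stddef.h>
/* Hypothetical, much-simplified stand-in for the kernel's rcu_node: the node
 * lock plus the expiration-task pointer the advisory describes. Not kernel code. */
struct task { int id; };
struct rcu_node_sim { pthread_mutex_t lock; struct task *exp_tasks; };

/* Vulnerable pattern: the NULL check and the dereference are two separate
 * unlocked reads, so CPU1 can store NULL in between and the second read crashes. */
int read_exp_tasks_racy(struct rcu_node_sim *rnp)
{
    if (rnp->exp_tasks != NULL)
        return rnp->exp_tasks->id;   /* may already be NULL here */
    return -1;
}
/* Hardened pattern: updater and reader both hold the node lock and the reader
 * takes one snapshot, so it sees either the live pointer or NULL, never both. */
int read_exp_tasks_locked(struct rcu_node_sim *rnp)
{
    pthread_mutex_lock(&rnp->lock);
    struct task *t = rnp->exp_tasks;     /* one snapshot under the lock */
    int id = t ? t->id : -1;
    pthread_mutex_unlock(&rnp->lock);
    return id;
}

void clear_exp_tasks_locked(struct rcu_node_sim *rnp)   /* CPU1's update */
{
    pthread_mutex_lock(&rnp->lock);
    rnp->exp_tasks = NULL;
    pthread_mutex_unlock(&rnp->lock);
}
/* CPU2 stand-in: read repeatedly while the main thread clears the pointer. */
struct ctx { struct rcu_node_sim *rnp; int iters; int hits; };
static void *reader_thread(void *arg)
{
    struct ctx *c = arg;
    for (int i = 0; i < c->iters; i++)
        c->hits += read_exp_tasks_locked(c->rnp) >= 0;
    return NULL;
}

/* How many of `iters` locked reads saw a live pointer: always in [0, iters]. */
int run_locked_race(int iters)
{
    struct task t = { 42 };
    struct rcu_node_sim rnp = { PTHREAD_MUTEX_INITIALIZER, &t };
    struct ctx c = { &rnp, iters, 0 };
    pthread_t tid;
    pthread_create(&tid, NULL, reader_thread, &c);
    clear_exp_tasks_locked(&rnp);
    pthread_join(tid, NULL);
    return c.hits;
}
```

The racy reader is only called single-threaded here; run concurrently with the updater it may fault, which is exactly the failure the advisory describes.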

Impact

Exploitation of this vulnerability leads to a NULL-pointer dereference, causing a kernel crash.

Reproduction

To reproduce this vulnerability, use a kernel built with CONFIG_PREEMPT_RCU enabled. The issue is triggered when one CPU updates an RCU task expiration pointer without proper locking while another CPU reads that pointer, which can result in a NULL-pointer dereference.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.

Added: Sep 18, 2025, 5:18 PM
Updated: Sep 18, 2025, 5:18 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          9.0
impact          2.5
exploitability  3.9
remediation     7.7
relevance       0.5
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.