Linux Kernel dm flakey NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's dm flakey module. This issue occurs when the 'arg_name' parameter is not properly validated before being compared, leading to a crash. The vulnerability can be triggered by creating a flakey device with a specific command that includes an invalid table line. The kernel version and the specific conditions under which this vulnerability can be reproduced are not mentioned, but the issue has been addressed in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a crash due to a NULL pointer dereference, disrupting system operations by causing a kernel panic or similar failure.

Reproduction

The vulnerability can be reproduced by using the 'dmsetup' command to create a flakey device. The command must include an invalid table line that causes a NULL pointer dereference. This can be achieved by specifying a direction argument ('r' or 'w') that is not properly checked for nullity, leading to the crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.