Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Null Pointer Dereference Vulnerability in Unittest Node Name Lookup

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's unittest framework. This issue arises in the 'of_unittest_find_node_by_name' function when memory allocation fails, leaving the 'name' or 'full_name' variables null. The subsequent comparison using 'strcmp' leads to a null pointer dereference. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or denial of service.

Reproduction

The vulnerability can be reproduced by running the unittest that invokes 'of_unittest_find_node_by_name'. This function attempts to find device tree nodes and relies on memory allocation to format node names. If the allocation fails, the function will attempt to compare a null pointer, causing a crash.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Git Repository.

Added: Dec 30, 2025, 4:19 PM
Updated: Dec 30, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
1.6
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.