Linux Kernel NULL Pointer Dereference Vulnerability in Flower Traffic Classifier

Vulnerability

A vulnerability allowing a NULL pointer dereference has been identified in the Linux kernel's traffic classification subsystem, specifically within the Flower classifier module. This issue arises from improper initialization of filter handles, which can lead to concurrent users accessing filters that are not fully initialized, causing a NULL pointer dereference. The vulnerability affects Linux kernel versions prior to 6.3.0-rc4.

Impact

Exploitation of this vulnerability leads to a general protection fault caused by a NULL pointer dereference, disrupting normal kernel operations and potentially causing a denial of service.

Reproduction

The vulnerability can be reproduced by manipulating the Flower traffic classifier's filter handle initialization process. This can be done by concurrently accessing a filter that is in the process of being initialized, which will trigger the NULL pointer dereference. The issue can be observed in the kernel log, where the KASAN (Kernel Address Sanitizer) reports the null pointer dereference as a general protection fault, indicating a non-canonical address access.
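The ordering flaw described above, reduced to a single-threaded C model as an added example (it is not kernel code and not part of the advisory). `struct filter`, `table`, `reader_lookup` and both insert functions are hypothetical names, and the concurrent reader is simulated by a lookup call placed inside the initialization window.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model, not kernel code: a filter and a handle-indexed table. */
struct filter { unsigned int handle; const int *key; /* NULL until init ends */ };

#define SLOTS 8
static struct filter *table[SLOTS];      /* what concurrent readers can reach */
static const int sample_key = 42;        /* constructed sample value */

/* Reader path (e.g. a dump): -1 = handle not found, -2 = found a filter whose
 * key is still NULL (real code would dereference it and fault), else *key. */
static int reader_lookup(unsigned int handle)
{
    struct filter *f = table[handle % SLOTS];
    if (!f) return -1;
    if (!f->key) return -2;
    return *f->key;
}

/* Flawed order: the filter is published under its handle before it is
 * initialized. *observed is what a reader sees inside that window. */
static int insert_publish_first(struct filter *f, unsigned int handle, int *observed)
{
    f->handle = handle;
    f->key = NULL;
    table[handle % SLOTS] = f;           /* visible too early */
    *observed = reader_lookup(handle);   /* simulated concurrent reader */
    f->key = &sample_key;                /* initialization completes late */
    return reader_lookup(handle);
}

/* Corrected order: keep the slot empty, initialize fully, publish last.
 * Real concurrent code also needs a release store (rcu_assign_pointer()). */
static int insert_publish_last(struct filter *f, unsigned int handle, int *observed)
{
    f->handle = handle;
    f->key = &sample_key;
    *observed = reader_lookup(handle);   /* reader finds nothing yet */
    table[handle % SLOTS] = f;
    return reader_lookup(handle);
}

int main(void)
{
    struct filter a, b; int seen_a, seen_b;
    insert_publish_first(&a, 1, &seen_a);
    insert_publish_last(&b, 2, &seen_b);
    printf("publish-first reader saw %d, publish-last reader saw %d\n", seen_a, seen_b);
    return 0;
}
```

In the publish-first variant the reader reaches a filter whose key pointer is still NULL; in the publish-last variant the same lookup reports the handle as absent until initialization has finished.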

Remediation

Users can address this vulnerability by upgrading to a Linux kernel version that is not affected; the affected versions are those prior to 6.3.0-rc4.

Added: Dec 30, 2025, 3:48 PM
Updated: Dec 30, 2025, 3:48 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.