Primary

Context

Linux Kernel NULL Pointer Dereference Vulnerability in MIPS KVM VZ Extension

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in the Linux kernel's handling of KVM guests with MIPS VZ extensions. This issue arises after the removal of KVM_TE support, leading to a crash when a KVM guest is created. The vulnerability is present in the stable Linux kernel versions 6.4.0-rc3 and earlier.

Impact

Exploitation of this vulnerability causes a kernel panic due to an unhandled NULL pointer dereference, which can lead to a denial of service by crashing the system.

Reproduction

To reproduce this vulnerability, load a KVM guest with MIPS VZ extensions on a system running an affected version of the Linux kernel. The guest creation process will trigger a NULL pointer dereference, causing a kernel panic.

Remediation

Users can upgrade to a patched version of the Linux kernel that addresses this vulnerability. The official Linux kernel repositories include the necessary updates.

Added: Dec 30, 2025, 3:13 PM

Updated: Dec 30, 2025, 3:13 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.8

remediation

7.7

relevance

1.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.8

remediation

7.7

relevance

1.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in MIPS KVM VZ Extension

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating