Linux Kernel NULL Pointer Dereference Vulnerability in NTFS3 File System

A vulnerability allowing a NULL pointer dereference has been identified in the Linux kernel's NTFS3 file system implementation. This issue arises because the 'kmemdup' function can return a NULL pointer, and the current code does not adequately check for this possibility. The vulnerability has been addressed by adding a return value check to prevent the dereference.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a kernel crash.

Reproduction

The vulnerability can be reproduced by using the NTFS3 file system in the Linux kernel. The specific scenario involves the 'kmemdup' function being called without a proper check for a NULL return value. This can occur when attribute names are being processed, as indicated by the vulnerability's description.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The official Linux kernel Git repository can be accessed for the latest stable releases.