Linux Kernel Function Graph NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's function graph tracer can lead to a NULL pointer dereference. This issue arises in the '__ftrace_return_to_handler()' function, where a loop iterates over 'fgraph_array[]' elements, checking for 'fgraph_stub' to prevent its use afterward. However, if the compiler reloads 'fgraph_array[]' after this check, it may introduce a 'fgraph_stub' that the loop processes. Since the stub's 'func_hash' field is null, this leads to a NULL pointer dereference. To address this, a 'READ_ONCE()' was added when accessing 'fgraph_array[]', ensuring that the comparison against 'fgraph_stub' matches the processed 'gops' later.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Function Graph NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating