Linux Kernel vsock/BPF NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's vsock/BPF implementation can lead to a NULL pointer dereference. The issue occurs when a socket's transport is not assigned, for example after a failed connection attempt. The vulnerability was identified in kernel version 6.13.0-rc2 and is triggered by calling core functions that require an assigned transport, which crashes the kernel.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, which crashes the kernel and can result in a denial of service.

Reproduction

The vulnerability can be reproduced by creating a socket and attempting a connection for which no transport is available, so that the connection fails. This leaves the socket's transport pointer as NULL. When a function that checks for data in the socket is then called, it dereferences the NULL pointer and the kernel crashes.
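
The state described above, as an added userspace model (not kernel code and not the upstream fix): a failed connect leaves the transport pointer NULL, and the data check must test it before calling through it. All struct and function names are hypothetical, and returning 0 for a socket without a transport is an assumption about the desired behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace model; none of these names are kernel identifiers. */
struct transport_ops {
    long (*stream_has_data)(void *sock);
};

struct model_sock {
    const struct transport_ops *transport; /* NULL until a transport is assigned */
    long queued;                           /* bytes waiting (constructed value) */
};

static long loopback_has_data(void *sock)
{
    return ((struct model_sock *)sock)->queued;
}

static const struct transport_ops loopback = { loopback_has_data };

/* Assigns a transport only when one serves the peer; on failure the pointer stays NULL. */
int model_connect(struct model_sock *sk, int peer_reachable)
{
    sk->transport = peer_reachable ? &loopback : NULL;
    return peer_reachable ? 0 : -1;
}

/* Unguarded check: calls through sk->transport unconditionally, faults after a failed connect. */
long has_data_unguarded(struct model_sock *sk)
{
    return sk->transport->stream_has_data(sk);
}

/* Guarded check: returns early when no transport is assigned (assumed: no data). */
long has_data_guarded(struct model_sock *sk)
{
    if (sk->transport == NULL)
        return 0;
    return sk->transport->stream_has_data(sk);
}

int main(void)
{
    struct model_sock sk = { NULL, 0 };
    int rc = model_connect(&sk, 0); /* constructed failed connect */
    printf("connect=%d has_data=%ld\n", rc, has_data_guarded(&sk));
    return 0;
}
```

When reviewing code of this shape, every path that reaches a transport callback after a connect error needs the same early return, not only the data check.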

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.