Linux Kernel Driver Core NULL Pointer Dereference Vulnerability in dev_uevent()

Vulnerability

A vulnerability in the Linux kernel's driver core can lead to a NULL pointer dereference in the dev_uevent() function. This issue arises when userspace simultaneously accesses the 'uevent' device attribute while another thread unbinds the device from its driver. The transition of the dev->driver pointer from a valid reference to NULL can cause a crash. The vulnerability has been addressed by using READ_ONCE() to safely retrieve the driver pointer and by locking the bus' drivers klist to prevent the driver instance from being removed during access. Additionally, WRITE_ONCE() is used when updating the driver pointer to avoid data tearing.

Impact

Exploitation of this vulnerability can cause a system crash due to a NULL pointer dereference.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Driver Core NULL Pointer Dereference Vulnerability in dev_uevent()

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating