Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's xen-netfront driver, in its handling of XDP (eXpress Data Path) buffers, has been addressed. The function xdp_convert_buff_to_frame() can return NULL if it fails to convert an XDP buffer into a frame, due to memory limitations, internal errors, or invalid data. If the caller does not check for a NULL return, the result can be a NULL pointer dereference, causing crashes, data corruption, or undefined behavior. Additionally, on XDP redirect failure, the associated page must be explicitly released if it was previously retained, to avoid a memory leak.
This vulnerability could lead to a NULL pointer dereference, causing system crashes or undefined behavior. It also has the potential to create a memory leak if XDP redirect failures are not properly handled.
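The two error paths described above, as an added user-space C model that is not the kernel's or the driver's code. All types and functions (`buff_to_frame`, `handle`, the `release_on_fail` switch) are hypothetical stand-ins, and the failing conversion and redirect are constructed inputs.

```c
/* User-space model: every type and function here is a hypothetical stand-in,
 * not kernel or xen-netfront code. */
#include <stdio.h>

struct page  { int refs; };
struct buff  { struct page *pg; int convertible; };
struct frame { struct page *pg; };
enum verdict { V_TX, V_REDIRECT };
enum result  { R_SENT, R_DROPPED };
static struct frame frame_slot;

/* Models a buffer-to-frame conversion that returns NULL on failure. */
static struct frame *buff_to_frame(struct buff *b)
{
    if (!b->convertible)
        return NULL;
    frame_slot.pg = b->pg;
    return &frame_slot;
}

/* release_on_fail = 0 reproduces the leak; 1 is the corrected behaviour. */
static enum result handle(struct buff *b, enum verdict v,
                          int redirect_fails, int release_on_fail)
{
    struct frame *f;
    if (v == V_TX) {
        f = buff_to_frame(b);
        if (f == NULL)              /* check before any use of f */
            return R_DROPPED;
        return f->pg == b->pg ? R_SENT : R_DROPPED;
    }
    b->pg->refs++;                  /* page retained for the redirect */
    if (redirect_fails) {           /* constructed failure of the redirect step */
        if (release_on_fail)
            b->pg->refs--;          /* explicit release on the error path */
        return R_DROPPED;
    }
    b->pg->refs--;                  /* models the target consuming the page */
    return R_SENT;
}

int main(void)
{
    struct page pg = { 1 };
    struct buff bad = { &pg, 0 };
    printf("%d %d\n", handle(&bad, V_TX, 0, 1), handle(&bad, V_REDIRECT, 1, 1));
    return 0;
}
```

With `release_on_fail` set to 0, each failed redirect leaves the page's reference count one higher than before, which is the leak the description refers to.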