Linux Kernel NULL Pointer Dereference Vulnerability in TLS Processing

Vulnerability

A vulnerability in the Linux kernel's TLS handling can lead to a kernel panic due to a NULL pointer dereference. This issue arises when the allocation of a page fails, causing the frag_list to be improperly set. The vulnerability is present in the net/tls component of the Linux kernel. When the next tls_strp_read_sock function is called, it attempts to process a partial record without the necessary data, leading to a crash. The issue has been resolved by ensuring that the frag_list is not set to a NULL pointer when page allocation fails.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations by leading to a crash.

Added: Jun 18, 2025, 12:16 PM

Updated: Jun 18, 2025, 12:16 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in TLS Processing

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating