Linux Kernel PTP OCP Debugfs Summary Output Vulnerability Leading to NULL Pointer Dereference

Vulnerability

A vulnerability in the Linux kernel's Precision Time Protocol (PTP) component has been addressed. The issue arose in the debugfs summary output, which could inadvertently access uninitialized elements in the freq_in and signal_out arrays. This uninitialized access led to NULL pointer dereferences, causing a kernel Oops (page_fault_oops) error. The vulnerability has been resolved by introducing fields to track the number of initialized elements in the arrays, capping the count at four per array. The summary output functions have been modified to adhere to these limits, thereby preventing out-of-bounds access and ensuring safe array management.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a kernel Oops error and potentially disrupting system operations.

Added: Jun 18, 2025, 11:10 AM

Updated: Jun 18, 2025, 11:10 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel PTP OCP Debugfs Summary Output Vulnerability Leading to NULL Pointer Dereference

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating