Linux Kernel gve Driver NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's gve driver can lead to a NULL pointer dereference. The issue arises in the function gve_tx_add_skb_dqo(), which fails to check if gve_alloc_pending_packet() returned NULL before accessing the pointer. This oversight could cause a crash when memory allocation fails, particularly in low-memory situations.

Impact

Exploitation of this vulnerability can cause a system crash due to a NULL pointer dereference.

Added: Jul 3, 2025, 10:55 AM

Updated: Jul 3, 2025, 10:55 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel gve Driver NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating