Primary

Context

Linux Kernel TIPC Null Pointer Dereference Vulnerability in Ethernet Bearer Handling

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem. This issue arises when the remote IP of an Ethernet bearer is being accessed, particularly after creating a tun interface and enabling an L2 bearer. The vulnerability occurs because the bearer list may contain NULL values under certain conditions, leading to a general protection fault.

Impact

Exploitation of this vulnerability causes a general protection fault, leading to a crash of the affected process.

Reproduction

To reproduce this vulnerability, create a tun interface and enable an L2 bearer. Then, send a TIPC_NL_UDP_GET_REMOTEIP command with the media name set to the tun interface. This will trigger a null pointer dereference in the TIPC subsystem, causing a general protection fault.

Added: Jul 4, 2025, 3:59 PM

Updated: Jul 4, 2025, 3:59 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel TIPC Null Pointer Dereference Vulnerability in Ethernet Bearer Handling

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating