Linux Kernel SMB Client NULL Pointer Dereference Vulnerability in Automount Path Handling

Vulnerability

A vulnerability in the Linux kernel's SMB client has been addressed, which could lead to a NULL pointer dereference. The issue arises in the automount path handling, specifically in the function '__build_path_from_dentry_optional_prefix'. When the 'tcon->origin_fullpath' is not set, the full path page is correctly checked for NULL. However, this check is absent when the path is set, creating a potential vulnerability. The recent patch adds the necessary NULL check to prevent this issue.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Added: Jul 4, 2025, 3:11 PM

Updated: Jul 4, 2025, 3:11 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SMB Client NULL Pointer Dereference Vulnerability in Automount Path Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating