Linux Kernel Bcache NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's bcache component allows for a NULL pointer dereference, leading to a kernel crash. This issue arises during the registration of cache sets, where memory allocation failures are not properly handled. Specifically, the problem occurs in the 'bch_cache_set_alloc' function, which fails to allocate memory for cache set structures. When the 'register_cache_set' function attempts to use this uninitialized data, it results in a NULL pointer dereference, causing a system crash.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service by interrupting normal system operations.

Reproduction

The vulnerability can be reproduced by registering a cache set in the bcache component of the Linux kernel. If the memory allocation for the cache set fails, the 'bch_cache_set_alloc' function returns NULL. The 'register_cache_set' function then attempts to use this NULL value, which results in a NULL pointer dereference in the 'cache_set_flush' function, causing the kernel to crash.