Linux Kernel NULL Pointer Dereference Vulnerability in rtnl_create_link()

Vulnerability

A vulnerability in the Linux kernel's networking component can lead to a NULL pointer dereference in the rtnl_create_link() function. This issue arises because, during the execution of rtnl_create_link(), the device's netdev_ops is NULL. If CONFIG_NET_SHAPER is defined, using netdev_lock_ops() can cause a NULL dereference. The vulnerability has been addressed by modifying the function to use netif_set_group() instead of dev_set_group().

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a potential denial of service by causing a kernel crash.

Added: Jul 10, 2025, 10:06 AM

Updated: Jul 10, 2025, 10:06 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in rtnl_create_link()

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating