Primary

Context

Linux Kernel JFFS2 Invalid Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's JFFS2 file system has been identified, stemming from an invalid pointer dereference. This issue arises because the function 'jffs2_prealloc_raw_node_refs()' does not consistently verify the successful allocation of node references. The flaw was discovered through fuzzing, which revealed that the error handling could be improved. The vulnerability leads to a null pointer dereference, as indicated by the Kernel Address Sanitizer (KASAN) report.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the affected kernel.

Reproduction

The vulnerability can be reproduced by writing data to a JFFS2 file system using the 'pwritev' system call. This process can be automated with a fuzzer, such as Syzkaller, which will trigger the invalid pointer dereference by not properly handling the allocation of node references.

Added: Jul 10, 2025, 11:22 AM

Updated: Jul 10, 2025, 11:22 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel JFFS2 Invalid Pointer Dereference Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating