Linux Kernel Hyper-V Netvsc Driver NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's Hyper-V netvsc driver can lead to a NULL pointer dereference. This issue occurs when a virtual function (VF) network interface card (NIC) is moved to a new namespace and then returned to the default namespace during the namespace deletion process. The transition back to the default namespace can cause the netdev list to become inconsistent, leading to a kernel panic. The problem has been observed in Linux kernel version 6.16.0-rc4.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by registering a VF NIC with the netvsc driver, which automatically moves it to a new namespace. When the namespace is deleted, the NIC is returned to the default namespace, bringing the VF NIC with it. This process can be monitored through kernel logs, which will show the movement of the NIC between namespaces and the subsequent NULL pointer dereference error.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.