Volerion logoVolerion
Volerion logoVolerion

Linux Kernel NULL Pointer Dereference Vulnerability in SMC Component

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's SMC (Socket Memory Copy) component, specifically within the 'smc_ib_is_sg_need_sync' function. This vulnerability occurs when the software RoCE (RDMA over Converged Ethernet) device is used, as the 'ibdev->dma_device' pointer is NULL, leading to a kernel panic. The issue has been addressed by adding a NULL pointer check to prevent the dereference.

Impact

Exploitation of this vulnerability leads to a kernel NULL pointer dereference, causing a system crash.

Reproduction

The vulnerability can be reproduced by using a software RoCE device with the Linux kernel version 6.17.0-rc2+. When the SMC component processes work, the NULL pointer dereference occurs, as the 'ibdev->dma_device' is not properly initialized.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.

Added: Sep 19, 2025, 4:44 PM
Updated: Sep 19, 2025, 4:44 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.5
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.