Linux Kernel AVX2 Null Pointer Dereference Vulnerability in Netfilter NFT Set Pipapo

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's netfilter component, specifically within the NFT set Pipapo functionality. The issue arises when AVX2 support is unavailable: the scratch map is then not properly checked for a null reference before it is used. The vulnerability was introduced by a previous commit that merged certain functions, and it has been addressed by restoring the correct null check logic.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, which can cause a kernel crash or potentially be exploited to execute arbitrary code in the kernel context.

Reproduction

The vulnerability can be reproduced in the Linux kernel's netfilter NFT set Pipapo component when AVX2 support is not available. The issue occurs because the scratch map is not properly checked for null values, allowing for a null pointer dereference.
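
The following C program is an added example, not code from the kernel or from this advisory. It is a userspace model of a non-AVX2 lookup path that compares an ineffective null guard with an effective one. All names are hypothetical, and the specific form of the ineffective guard (testing the slot's address instead of the pointer stored in it) is an assumption made for illustration.

```c
/* Userspace model only; all names are hypothetical, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct scratch { unsigned long long map[1]; };  /* result bitmap */

struct match {
    struct scratch *scratch;   /* assumed: NULL until allocated */
};

enum result { MISS, HIT, WOULD_OOPS };

/* Ineffective guard (assumed illustration): tests the address of the
 * slot, which is never NULL, so a missing scratch map gets through. */
static bool guard_slot(const struct match *m)
{
    struct scratch *const *slot = &m->scratch;
    return slot != NULL;
}

/* Effective guard: tests the pointer stored in the slot. */
static bool guard_value(const struct match *m)
{
    return m->scratch != NULL;
}

/* Generic (non-AVX2) lookup path. The model reports the NULL
 * dereference a kernel would perform instead of faulting itself. */
static enum result lookup(const struct match *m, unsigned int bit,
                          bool (*guard)(const struct match *))
{
    if (!guard(m))
        return MISS;           /* no scratch map: nothing can match */
    if (m->scratch == NULL)
        return WOULD_OOPS;     /* guard passed, pointer still NULL */
    return ((m->scratch->map[0] >> (bit % 64)) & 1) ? HIT : MISS;
}

int main(void)
{
    struct match empty = { NULL };   /* constructed sample input */
    printf("slot guard:  %d\n", lookup(&empty, 3, guard_slot));
    printf("value guard: %d\n", lookup(&empty, 3, guard_value));
    return 0;
}
```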

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Sep 23, 2025, 6:37 AM
Updated: Sep 23, 2025, 6:37 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.