Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Kprobe Initialization Race Condition Vulnerability Leading to NULL Pointer Dereference

Vulnerability

A critical race condition has been identified in the Linux kernel's kprobe initialization process. This vulnerability can cause a NULL pointer dereference, leading to a kernel crash. The issue arises when the kprobe functionality is activated before the associated performance events are properly initialized. As a result, when a debug exception is triggered, the kprobe dispatcher attempts to access performance event data that has not yet been assigned, causing a crash.

Impact

Exploitation of this vulnerability results in a kernel crash due to a NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by activating kprobe functionality and then triggering a debug exception before the associated performance events are initialized. This can be done by writing to a debug file that has a kprobe attached, such as 'kprobes/trace', which will invoke the kprobe dispatcher and cause the crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 28, 2025, 1:12 PM
Updated: Oct 28, 2025, 1:12 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.9
remediation
7.7
relevance
0.9
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.