Linux Kernel Null Pointer Dereference Vulnerability in SUNRPC Authentication

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's SUNRPC module, specifically within the GSS-API authentication handling. The issue arises when the checksum length is zero, which leaves the checksum data pointer null. Stable Linux kernel versions that include this flawed authentication processing are affected. When the null pointer is accessed during message integrity verification, the kernel crashes, creating a denial-of-service condition.
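The following user-space C model is an added example, not kernel code and not code from this advisory: it shows how a zero-length checksum decodes to a null data pointer, and the length check that stops verification from reading through it. The struct, the function names and the 400-byte cap are assumptions made for illustration.

```c
/* User-space model of the flaw; all names are hypothetical, not kernel symbols. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MODEL_MAX_LEN 400u /* assumed cap for this model */

struct opaque { uint32_t len; const uint8_t *data; };

/* Decode a 4-byte big-endian length followed by that many bytes.
 * As in the behaviour described above, len == 0 leaves data NULL. */
int decode_opaque(const uint8_t *buf, size_t n, struct opaque *out)
{
    if (n < 4)
        return -1;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (len > MODEL_MAX_LEN || len > n - 4)
        return -1;
    out->len = len;
    out->data = len ? buf + 4 : NULL;
    return 0;
}

/* Flawed shape: trusts data to be non-NULL, so an empty checksum crashes it. */
int verify_mic_unchecked(const struct opaque *c, const uint8_t *mic, size_t n)
{
    return memcmp(c->data, mic, n) == 0 ? 0 : -1;
}

/* Hardened shape: reject empty or wrongly sized checksums before any read. */
int verify_mic_checked(const struct opaque *c, const uint8_t *mic, size_t n)
{
    if (c->len == 0 || c->data == NULL || c->len != n)
        return -1;
    return memcmp(c->data, mic, n) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t mic[4] = { 0x11, 0x22, 0x33, 0x44 };
    const uint8_t good[] = { 0, 0, 0, 4, 0x11, 0x22, 0x33, 0x44 };
    const uint8_t empty[] = { 0, 0, 0, 0 };
    struct opaque c;
    if (decode_opaque(good, sizeof good, &c) == 0)
        printf("valid checksum: %d\n", verify_mic_checked(&c, mic, sizeof mic));
    if (decode_opaque(empty, sizeof empty, &c) == 0)
        printf("empty checksum: %d\n", verify_mic_checked(&c, mic, sizeof mic));
    return 0;
}
```

The hardened verifier returns an error for the empty checksum instead of reading through the null pointer; rejecting the zero length at decode time would work equally well in this model.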

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash and denial-of-service condition on the affected system.

Reproduction

To reproduce this vulnerability, send an opaque authentication header with a zero-length checksum to a service that uses GSS-API authentication over SUNRPC. The server will crash due to the null pointer dereference when it attempts to verify the message integrity.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the Linux Kernel Archives.

Added: Nov 12, 2025, 12:01 PM
Updated: Nov 12, 2025, 5:37 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.