Linux Kernel NULL Pointer Dereference Vulnerability in Flow Classifier

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's flow classifier component. This issue arises in shared blocks where the block's queue reference is NULL. When a flow filter is created on such a shared block without a fully qualified base class, it leads to a NULL dereference. The vulnerability is present in the net/sched/cls_flow.c file, specifically within the flow_change function.
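The condition described above, reduced to a userspace model with the guard that avoids the dereference. This is an added example, not the kernel's code or the upstream patch: `model_qdisc`, `model_block` and `resolve_baseclass` are hypothetical names, and treating a base class as fully qualified when its major part is non-zero is an assumption based on the tc handle layout.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Handle macros with the same definitions as the kernel's linux/pkt_sched.h. */
#define TC_H_MAJ_MASK 0xFFFF0000U
#define TC_H_MIN_MASK 0x0000FFFFU
#define TC_H_MAJ(h) ((h) & TC_H_MAJ_MASK)
#define TC_H_MAKE(maj, min) (((maj) & TC_H_MAJ_MASK) | ((min) & TC_H_MIN_MASK))

/* Hypothetical stand-ins for the kernel's qdisc and filter block objects. */
struct model_qdisc { uint32_t handle; };
struct model_block { struct model_qdisc *q; };  /* q is NULL on a shared block */

/*
 * Resolve the base class for a new flow filter. Returns 0 and stores the
 * fully qualified class ID in *out, or -EINVAL when the major part is
 * missing and the block has no queue to take it from.
 */
int resolve_baseclass(const struct model_block *block, uint32_t baseclass,
                      uint32_t *out)
{
    if (TC_H_MAJ(baseclass) == 0) {
        /* Without this check, block->q->handle below is the NULL dereference. */
        if (block->q == NULL)
            return -EINVAL;
        baseclass = TC_H_MAKE(block->q->handle, baseclass);
    }
    *out = baseclass;
    return 0;
}

int main(void)
{
    struct model_qdisc qdisc = { .handle = 0x00010000U };  /* constructed: 1: */
    struct model_block owned = { .q = &qdisc }, shared = { .q = NULL };
    uint32_t id = 0;
    int rc;

    rc = resolve_baseclass(&owned, 0x5U, &id);           /* minor only, has queue */
    printf("owned,  minor only: rc=%d id=%08x\n", rc, (unsigned)id);
    rc = resolve_baseclass(&shared, 0x5U, &id);          /* minor only, no queue */
    printf("shared, minor only: rc=%d\n", rc);
    rc = resolve_baseclass(&shared, 0x00020005U, &id);   /* fully qualified */
    printf("shared, qualified:  rc=%d id=%08x\n", rc, (unsigned)id);
    return 0;
}
```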

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected component or process.

Reproduction

The vulnerability can be reproduced by creating a flow filter on a shared block without specifying a fully qualified base class. This can be done by using the traffic control (tc) command to add a filter to a shared block, leaving the base class unspecified. The resulting crash can be observed using Kernel Address Sanitizer (KASAN), which will report the NULL pointer dereference.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.

Added: Apr 13, 2026, 3:20 PM
Updated: Apr 13, 2026, 3:20 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 5.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.