Linux Kernel NULL Pointer Dereference Vulnerability in Tracing Event Handling

A vulnerability in the Linux kernel's tracing event handling can lead to a NULL pointer dereference, causing a kernel crash. This issue arises during boot-time trigger registration, which can fail before the associated cleanup thread is created. If the thread creation fails, deferred trigger data can accumulate and later attempts to free this data only clear the most recent entries, causing older ones to be permanently leaked. The vulnerability can be reproduced by adding specific trace event and trigger parameters to the kernel command line, which will cause a failure that triggers the NULL pointer dereference.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service by interrupting normal system operations.

Reproduction

To reproduce this vulnerability, add 'trace_event=sched_switch' and 'trace_trigger=sched_switch.traceon,sched_switch.traceon' to the kernel command line. The second 'traceon' trigger will fail, leading to a NULL pointer dereference that crashes the kernel.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.