Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- ~6.2
A NULL pointer dereference vulnerability has been identified in the Linux kernel's IP Virtual Server (IPVS) module, specifically in versions through 6.2. The issue arises in the 'ip_vs_add_service' function, where a successful scheduler binding leaves a local variable set to NULL. If the subsequent 'ip_vs_start_estimator' call fails, the error handling attempts to unbind the scheduler using the NULL variable, leading to a kernel panic. This vulnerability has been present in older kernel versions but has resurfaced in the latest stable release due to changes in the error handling process.
Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.
To reproduce this vulnerability, add a service in the IPVS module by binding a scheduler. After the binding is successful, induce a failure in the 'ip_vs_start_estimator' function. The error handling will then attempt to unbind the scheduler using a NULL pointer, causing a kernel panic.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.
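The error path described above can be modelled in userspace; the following is an added example, not kernel code and not the upstream patch. Function names echo the advisory, but every body is constructed, and the guarded variant is one assumed way to avoid the flaw: it unbinds through the pointer the service holds instead of the cleared local.

```c
#include <stddef.h>

/* Userspace model only: names echo the advisory, bodies are constructed. */
struct scheduler { int bound; };
struct service { struct scheduler *sched; };
enum result { ADDED, FAILED_CLEAN, FAILED_NULL_UNBIND };

static int bind_scheduler(struct service *svc, struct scheduler *s)
{
    s->bound = 1;
    svc->sched = s;
    return 0;
}

/* The kernel would dereference `s` here; the model reports instead of crashing. */
static int unbind_scheduler(struct service *svc, struct scheduler *s)
{
    if (s == NULL)
        return -1;          /* stands in for the NULL pointer dereference */
    s->bound = 0;
    svc->sched = NULL;
    return 0;
}

static int start_estimator(int fail) { return fail ? -1 : 0; }

enum result add_service(struct scheduler *s, int estimator_fails, int hardened)
{
    struct service svc = { NULL };
    struct scheduler *sched = s;

    if (bind_scheduler(&svc, sched) != 0)
        return FAILED_CLEAN;
    sched = NULL;           /* binding succeeded: the local is now NULL */
    if (start_estimator(estimator_fails) == 0)
        return ADDED;
    /* Error path. The flawed form passes the cleared local; the guarded
       form passes the pointer the service actually holds. */
    struct scheduler *to_unbind = hardened ? svc.sched : sched;
    if (unbind_scheduler(&svc, to_unbind) != 0)
        return FAILED_NULL_UNBIND;
    return FAILED_CLEAN;
}

int main(void)
{
    struct scheduler s = { 0 };
    return add_service(&s, 1, 1) == FAILED_CLEAN ? 0 : 1;
}
```

The flawed path only becomes reachable when the estimator start fails after a successful bind, which is why the defect can sit unnoticed until that call is able to return an error.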