Primary

Context

Linux Kernel UDP-Lite Null Pointer Dereference Vulnerability

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the UDP-Lite implementation of the Linux kernel. This issue arises in the 'udplite' and 'udplitev6' socket initialization functions, where the error handling for socket initialization failures was not properly managed. As a result, a null pointer dereference occurs when the UDP-Lite socket's production queue is accessed, leading to a potential crash or undefined behavior.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which can lead to a crash or undefined behavior of the kernel.

Reproduction

The vulnerability can be reproduced by initializing a UDP-Lite socket after a failed socket initialization, which can occur in certain conditions. This can be simulated using a tool like Syzkaller, which is mentioned in the context as having reported the issue.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: May 6, 2026, 3:56 PM

Updated: May 6, 2026, 3:56 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

7.6

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

7.6

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel UDP-Lite Null Pointer Dereference Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating