Linux Kernel ublk Driver NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel ublk driver. The 'ublk_ctrl_set_size()' function unconditionally dereferences the 'ub->ub_disk' pointer without checking whether it is NULL. The pointer can be NULL if a device has been added but not yet started, or if it has been stopped, and dereferencing it in that state leads to a crash. The vulnerability exists in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a kernel crash.

Reproduction

To reproduce this vulnerability, send the 'UBLK_CMD_UPDATE_SIZE' command to a ublk device that has been added but not yet started, or one that has been stopped. The command will trigger a NULL pointer dereference, causing a crash.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can upgrade to the latest version to address this issue.
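
The missing check described above, modelled in user-space C as an added example (not the kernel's code or the upstream patch). All struct and function names are hypothetical, and returning -ENODEV for a device without a disk is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: all names are hypothetical, not kernel code. */
struct model_disk { uint64_t capacity_sectors; };
struct model_ublk_dev {
    struct model_disk *disk;     /* models ub->ub_disk: NULL unless started */
    struct model_disk  storage;  /* disk object used while the device is live */
    uint64_t dev_sectors;        /* size recorded for the device */
};

/* Lifecycle: added (disk NULL) -> started (disk set) -> stopped (disk NULL). */
void model_add(struct model_ublk_dev *ub, uint64_t sectors) {
    ub->disk = NULL;
    ub->dev_sectors = sectors;
}
void model_start(struct model_ublk_dev *ub) {
    ub->storage.capacity_sectors = ub->dev_sectors;
    ub->disk = &ub->storage;
}
void model_stop(struct model_ublk_dev *ub) { ub->disk = NULL; }

/* Before: dereferences disk unconditionally; only safe on a started device. */
int model_set_size_unchecked(struct model_ublk_dev *ub, uint64_t sectors) {
    ub->disk->capacity_sectors = sectors;
    ub->dev_sectors = sectors;
    return 0;
}

/* After: reject the update while no disk exists (-ENODEV is an assumed code). */
int model_set_size(struct model_ublk_dev *ub, uint64_t sectors) {
    if (ub->disk == NULL)
        return -ENODEV;
    return model_set_size_unchecked(ub, sectors);
}

int main(void) {
    struct model_ublk_dev ub;
    model_add(&ub, 1024);
    printf("added:   %d\n", model_set_size(&ub, 2048));
    model_start(&ub);
    printf("started: %d\n", model_set_size(&ub, 2048));
    model_stop(&ub);
    printf("stopped: %d\n", model_set_size(&ub, 4096));
    return 0;
}
```

In the model, the guarded handler leaves the recorded size untouched in the two states the advisory names and applies the update only while the device is started.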

Added: May 8, 2026, 9:36 PM
Updated: May 8, 2026, 9:36 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.