Frederick Lawler

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.1.6 **Description** The issue is related to a NULL pointer dereference bug in the traffic control subsystem of the Linux kernel. This bug can be exploited by an unprivileged user to trigger a denial of service, resulting in a system crash. The exploitation is possible via a crafted traffic control configuration set up with commands like `tc qdisc` and `tc class`, affecting the `qdisc graft` function in `net/sched/sch api.c`. **Recommendations** For Linux kernel versions prior to 6.1.6, update to version 6.1.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `tc qdisc` and `tc class` commands to minimize the risk of exploitation. Additionally, limiting access to the traffic control configuration can help mitigate the risk until a patch is applied.