Dae R. Jeong

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A missing memory barrier in the `tls init` function can cause a NULL dereference in `tls {setsockopt,getsockopt}` due to store-store reordering. This issue can be observed when the `ctx->sk proto` is initialized and the `sk->sk prot` is updated concurrently. The problem arises when the `READ ONCE` and `WRITE ONCE` operations are reordered, allowing the `ctx->sk proto->setsockopt()` function to access a NULL value. To fix this issue, the `rcu assign pointer` function is used to ensure that the `ctx->sk proto` is visible when changing the `sk->sk prot`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.