Geliang Tang

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.43 **Description** The vulnerability is related to the sk msg recvmsg function in the Linux kernel, which can cause a kernel panic when a zero-length skb is passed to it. This issue occurs when running BPF selftests on a Loongarch platform. The root cause is that a zero-length skb, which is a TCP FIN packet sent by shutdown(), is put on the queue and later used in sk msg recvmsg, resulting in a NULL pointer being passed to page address(). To solve this, the kernel should skip the zero-length skb in sk msg recvmsg. **Recommendations** To resolve this issue, update the Linux kernel to version 6.6.43 or later. If updating is not possible, consider disabling the BPF selftests or restricting access to the vulnerable function until a patch is available.