Jinjiang Tu

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.65 **Description** A NULL pointer dereference issue was found in the Linux kernel, specifically in the `alloc pages bulk noprof()` function. This issue occurs when a task is migrated between cpusets, causing the `ac->preferred zoneref->zone` pointer to become NULL. The `for each zone zonelist nodemask()` function finds an allowable zone and calls `zonelist node idx(ac.preferred zoneref)`, leading to a NULL pointer dereference. The issue is fixed by checking for a NULL pointer in the ` alloc pages noprof()` function. **Recommendations** To fix this issue, update to Linux kernel version 6.6.65 or later. As a temporary workaround, consider disabling the `alloc pages bulk noprof()` function until a patch is available. Restrict access to the vulnerable `zonelist node idx()` function to minimize the risk of exploitation. Avoid using the `ac->preferred zoneref->zone` pointer in the affected `alloc pages bulk noprof()` function until the issue is resolved.