John Hubbard

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.12 **Description** A flaw in the Linux kernel's `unpin user pages()` function assumes it handles NULL pages in the pages array, which is not the case. This issue can cause a kernel NULL pointer dereference. The problem arises when booting on x86 with specific configurations and running the `tools/testing/selftests/mm/gup longterm` test, resulting in a crash. The `unpin user pages()` function does not handle NULL pages, unlike `unpin folios()`. Technical details include the `sanity check pinned pages()` function and the `check and migrate movable pages or folios()` function. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for handling NULL pages in `unpin user pages()`. As a temporary workaround, consider modifying the `unpin user pages()` function to skip NULL pages, similar to `unpin folios()`.