Linux · Linux Kernel · CVE-2024-47684
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.58
**Description**
A null pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the `tcp_rearm_rto()` function, which is called from the `tcp_send_loss_probe()` and `tcp_write_timer_handler()` functions. The vulnerability can cause a kernel crash when a null pointer is dereferenced. The issue was initially found in the TLP path, but was later also seen in the RACK case. The vulnerability is caused by a null `skb` pointer being passed to the `tcp_rto_delta_us()` function.
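As an added illustration (not code from the kernel or from this advisory), the following user-space model contrasts an unchecked RTO delta computation with a guarded one that tolerates an empty retransmit queue; the struct names, field names and sample values are constructed, and the real kernel types and helpers are not used.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed, simplified stand-ins for the kernel structures involved
 * (not the real struct sk_buff / struct sock). */
struct skb_model {
    uint64_t tstamp_us;          /* transmit timestamp of the queued segment */
};

struct sock_model {
    struct skb_model *rtx_head;  /* head of the retransmit queue; NULL if empty */
    uint64_t mstamp_us;          /* current socket clock (tcp_mstamp analogue) */
    uint64_t rto_us;             /* current RTO (icsk_rto analogue), in microseconds */
};

/* Vulnerable shape: assumes the retransmit queue is never empty.
 * With rtx_head == NULL the load of skb->tstamp_us faults, which is the
 * crash class the advisory describes. Only call with a non-empty queue. */
int64_t rto_delta_us_unchecked(const struct sock_model *sk)
{
    const struct skb_model *skb = sk->rtx_head;
    uint64_t rto_time_stamp_us = skb->tstamp_us + sk->rto_us;
    return (int64_t)(rto_time_stamp_us - sk->mstamp_us);
}

/* Hardened shape: handle the NULL case explicitly. With no segment to anchor
 * the timer on, fall back to a full RTO and record the anomaly once, so the
 * timer is re-armed instead of the kernel crashing. */
int64_t rto_delta_us_checked(const struct sock_model *sk, bool *anomaly)
{
    const struct skb_model *skb = sk->rtx_head;
    if (skb) {
        uint64_t rto_time_stamp_us = skb->tstamp_us + sk->rto_us;
        return (int64_t)(rto_time_stamp_us - sk->mstamp_us);
    }
    if (anomaly)
        *anomaly = true;          /* stand-in for a WARN_ONCE-style report */
    return (int64_t)sk->rto_us;
}

/* Scenario helpers: one queued segment, then the empty-queue case. */
int64_t scenario_queued(bool *anomaly)
{
    struct skb_model seg = { .tstamp_us = 1000 };
    struct sock_model sk = { .rtx_head = &seg, .mstamp_us = 1300, .rto_us = 200000 };
    return rto_delta_us_checked(&sk, anomaly);
}

int64_t scenario_empty(bool *anomaly)
{
    struct sock_model sk = { .rtx_head = NULL, .mstamp_us = 1300, .rto_us = 200000 };
    return rto_delta_us_checked(&sk, anomaly);
}
```

The unchecked variant must never be invoked on the empty-queue scenario; the guarded variant returns the full RTO there and flags the condition.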
**Recommendations**
To resolve the issue, update the Linux kernel to version 6.6.58 or later.
For versions prior to 6.6.58, consider disabling the `tcp_rearm_rto()` function as a temporary workaround until a patch is available.