Linux · Linux Kernel · CVE-2024-46721
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions 6.8.0-24-generic #24 and earlier
**Description**
A NULL pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs when the `profile->parent->dents[AAFS_PROF_DIR]` pointer is NULL, which can happen if its parent is made from `__create_missing_ancestors()` and `ent->old` is NULL in `aa_replace_profiles()`. This vulnerability can cause a kernel NULL pointer dereference.
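The dereference described above, reduced to a user-space model with the unguarded access beside a guarded one. This is an added example, not kernel or AppArmor source: the struct layout, the `model_create()` and `profile_mkdir_*()` helpers, and the `-ENOENT` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model (assumed layout); only the names come from the advisory. */
enum { AAFS_PROF_DIR, AAFS_PROF_SIZEOF };

struct dentry { const char *name; int nchildren; };

struct profile {
    const char *name;
    struct profile *parent;
    struct dentry *dents[AAFS_PROF_SIZEOF];
};

/* Stand-in for creating an entry under a directory: it dereferences dir. */
static int model_create(struct dentry *dir)
{
    dir->nchildren++;          /* faults if dir == NULL */
    return 0;
}

/* Unguarded pattern: trusts that the parent already has a directory. */
int profile_mkdir_unguarded(struct profile *p)
{
    return model_create(p->parent->dents[AAFS_PROF_DIR]);
}

/* Guarded pattern: a parent without a directory is reported as an error. */
int profile_mkdir_guarded(struct profile *p)
{
    struct dentry *dir = p->parent ? p->parent->dents[AAFS_PROF_DIR] : NULL;

    if (!dir)
        return -ENOENT;        /* assumed error code for "parent path missing" */
    return model_create(dir);
}

int main(void)
{
    /* Constructed case: placeholder ancestor that never got its dentries. */
    struct profile placeholder = { "parent", NULL, { NULL } };
    struct profile child = { "parent//child", &placeholder, { NULL } };

    printf("guarded: %d\n", profile_mkdir_guarded(&child));
    return 0;
}
```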
**Recommendations**
To resolve this issue, update the Linux kernel to a version later than 6.8.0-24-generic #24. As a temporary workaround, consider disabling the `aafs_create.constprop.0()` function until a patch is available. Restrict access to the vulnerable `aa_replace_profiles()` function to minimize the risk of exploitation. Avoid using the `profile->parent->dents[AAFS_PROF_DIR]` pointer in the affected API endpoint until the issue is resolved.