Linux · Linux Kernel · CVE-2025-21857
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to the fixed version
Description:
A NULL pointer dereference issue has been identified in the Linux kernel. The problem arises from incorrect error handling in the `tcf_exts_miss_cookie_base_alloc()` function, which calls `xa_alloc_cyclic()`. `xa_alloc_cyclic()` can return 1 if the allocation is successful after wrapping, but this return value is treated as an error. As a result, `exts->actions` is set to NULL and returned to the caller `fl_change()`, which then calls `tcf_exts_validate_ex()` and subsequently `tcf_action_init()` with the NULL `exts->actions` as an argument, leading to a NULL pointer dereference.
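The return-value mix-up described above, as an added user-space C model (not kernel source and not part of the original entry). `model_ids`, `model_exts`, the two `exts_init_*` functions and `caller_passes_null` are hypothetical names, the four-slot ID space is constructed, and the caller is assumed to treat only negative returns as failure.

```c
#include <errno.h>
#include <stddef.h>
#define SLOTS 4 /* constructed: tiny ID space so the wrap is reached quickly */

/* User-space model, not kernel code; returns 0, 1 (wrapped) or -errno like xa_alloc_cyclic(). */
struct model_ids { int used[SLOTS]; unsigned int next; };
struct model_exts { int *actions; unsigned int cookie; }; /* hypothetical */
static int action_storage[1];

static int model_alloc_cyclic(struct model_ids *m, unsigned int *id)
{
    for (unsigned int pos = m->next; pos < m->next + SLOTS; pos++) {
        if (m->used[pos % SLOTS])
            continue;
        m->used[pos % SLOTS] = 1;
        m->next = pos % SLOTS + 1;
        *id = pos % SLOTS;
        return pos >= SLOTS; /* 1 once the search ran past the end */
    }
    return -EBUSY;
}

/* Pattern from the description: any non-zero return is handled as an error. */
static int exts_init_buggy(struct model_exts *e, struct model_ids *m)
{
    int err = model_alloc_cyclic(m, &e->cookie);
    e->actions = err ? NULL : action_storage;
    return err; /* 1 passes a caller's "< 0" check with actions == NULL */
}

/* Hardened form: only negative values are failures; a wrap is success. */
static int exts_init_checked(struct model_exts *e, struct model_ids *m)
{
    int err = model_alloc_cyclic(m, &e->cookie);
    e->actions = err < 0 ? NULL : action_storage;
    return err < 0 ? err : 0;
}

/* Caller model: 1 if it would pass NULL actions onward within `rounds` create/delete cycles. */
static int caller_passes_null(int (*init)(struct model_exts *, struct model_ids *), int rounds)
{
    struct model_ids m = {0};
    struct model_exts e = {0};
    for (int i = 0; i < rounds; i++) {
        if (init(&e, &m) >= 0 && !e.actions)
            return 1; /* "success" reported, yet there are no actions */
        m.used[e.cookie] = 0; /* entry deleted, ID released */
    }
    return 0;
}
```

In the model the buggy path stays silent until the allocator has handed out every ID once, which is why a defect of this shape can pass short functional tests and only surface on long-running systems.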
Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for the NULL pointer dereference error in the `net/sched` subsystem.
As a temporary workaround, consider disabling the `tcf_action_init()` function until a patch is available.
Restrict access to the vulnerable `cls_api` module to minimize the risk of exploitation.
Avoid using the `exts->actions` variable in the affected API endpoints until the issue is resolved.