PT-2025-20353 · Linux+6 · Linux Kernel+6
Syzbot · Published 2025-04-23 · Updated 2026-04-20 · CVE-2025-37824
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.15.0-rc1-syzkaller-00246-g900241a5cc15
Description
A NULL pointer dereference has been identified in the Linux kernel, in the tipc_mon_reinit_self() function. It arises from a race condition between a workqueue created when enabling a bearer and another thread created when disabling the bearer immediately afterwards. tipc_mon_reinit_self() then attempts to access a NULL pointer, leading to a general protection fault. The functions tipc_disc_timeout() and bearer_disable() are involved, as are the write_lock_bh() and write_unlock_bh() locking primitives.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in tipc_mon_reinit_self().
As a temporary workaround, consider disabling the tipc_mon_reinit_self() function until a patch is available.
Restrict access to the vulnerable tipc module to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu