Impact
In the Linux kernel, a NULL pointer dereference occurs in the classifier filter (cls_fw) when an "old" style filter is added to a shared block before its change() function runs. The faulty code can trigger a WARN_ON() and a BUG, causing the kernel to crash. The crash effects availability only; confidentiality or integrity are not directly compromised. The vulnerability is confined to the kernel and results in a system halt until reboot.
Affected Systems
All Linux kernel releases that contain the buggy cls_fw filter code before the fix commit that added the NULL‑dereference guard (commit 41845bc5). The affected kernel is the standard Linux kernel; users of any kernel version preceding the fix should be considered vulnerable.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity, while the resulting kernel crash represents a high‑impact outcome. The EPSS score is < 1 %, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector requires the attacker to configure traffic‑control rules, which normally requires CAP_NET_ADMIN or root privileges. Based on the description, the attacker must have privileged access to add or modify kernel filters; this inference is drawn from the demonstration script that uses privileged tc commands. Once the privileged attacker installs the triggering filter, the crash occurs immediately, delivering a local denial‑of‑service with no remote exploitation path indicated.
OpenCVE Enrichment
Debian DLA