Impact
The Linux kernel has a NULL pointer dereference when a self‑deadlock occurs during a FUTEX_CMP_REQUEUE_PI requeue. The bug causes remove_waiter() to dereference a NULL waiter->task, leading to a kernel crash and a denial of service. This flaw represents a null pointer dereference weakness (CWE‑476).
Affected Systems
All versions of the Linux kernel that do not include the fix introduced in commit 16f8e17184b31382076f84751db5ac51fc02733e. No specific release numbers are listed, so any kernel prior to the application of this patch may be vulnerable.
Risk and Exploitability
The CVSS score is 5.5 and the EPSS score is < 1%, so the severity can be considered low to medium. The vulnerability is not listed in the CISA KEV catalog, indicating no known large‑scale exploitation. The flaw requires that an attacker trigger a FUTEX_CMP_REQUEUE_PI requeue of a non‑top waiter that already owns the target PI futex; this is inferred to be a local scenario. Thus the primary threat is local denial of service.
OpenCVE Enrichment