* [BUG] Potential Null Pointer Dereference in rt6_device_match Function
@ 2026-02-14 12:54 冯嘉仪
0 siblings, 0 replies; 2+ messages in thread
From: 冯嘉仪 @ 2026-02-14 12:54 UTC (permalink / raw)
To: davem; +Cc: dsahern, edumazet, kuba, pabeni, netdev, linux-kernel
Dear Maintainer,
Our team recently developed a null-pointer-dereference (NPD) vulnerability detection tool, and we used it to scan the Linux Kernel (version 6.9.6). After manual review, we identified a potentially vulnerable code snippet that could lead to a null-pointer dereference bug. We would appreciate your expert insight to confirm whether this vulnerability could indeed pose a risk to the system.
Vulnerability Description:
File: net/ipv6/route.c
In the function rt6_device_match, we found the following line of code:
if (!(nh->fib_nh_flags & RTNH_F_DEAD))
The issue arises because the nh pointer may be passed as NULL in certain situations. Since nh is NULL, accessing nh->fib_nh_flags in the statement could result in a null-pointer dereference.
Proposed Fix:
To prevent the potential null-pointer dereference, we suggest adding a NULL check for the nh pointer before attempting to dereference nh->fib_nh_flags in the line.
Request for Review:
We would appreciate your expert insight to confirm whether this vulnerability indeed poses a risk to the system, and if the proposed fix is appropriate. If there are reasons why this issue does not present a real risk (e.g., the NULL check is redundant or unnecessary), we would be grateful for clarification.
Thank you for your time and consideration.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [BUG] Potential Null Pointer Dereference in rt6_device_match Function
@ 2026-02-14 12:57 冯嘉仪
0 siblings, 0 replies; 2+ messages in thread
From: 冯嘉仪 @ 2026-02-14 12:57 UTC (permalink / raw)
To: davem; +Cc: dsahern, edumazet, kuba, pabeni, netdev, linux-kernel
Dear Maintainer,
Our team recently developed a null-pointer-dereference (NPD) vulnerability detection tool, and we used it to scan the Linux Kernel (version 6.9.6). After manual review, we identified a potentially vulnerable code snippet that could lead to a null-pointer dereference bug. We would appreciate your expert insight to confirm whether this vulnerability could indeed pose a risk to the system.
Vulnerability Description:
File: net/ipv6/route.c
In the function rt6_device_match, we found the following line of code:
if (nh->fib_nh_flags & RTNH_F_DEAD) {
The issue arises because the nh pointer may be passed as NULL in certain situations. Since nh is NULL, accessing nh->fib_nh_flags in the statement could result in a null-pointer dereference.
Proposed Fix:
To prevent the potential null-pointer dereference, we suggest adding a NULL check for the nh pointer before attempting to dereference nh->fib_nh_flags in the line.
Request for Review:
We would appreciate your expert insight to confirm whether this vulnerability indeed poses a risk to the system, and if the proposed fix is appropriate. If there are reasons why this issue does not present a real risk (e.g., the NULL check is redundant or unnecessary), we would be grateful for clarification.
Thank you for your time and consideration.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-02-14 12:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-14 12:54 [BUG] Potential Null Pointer Dereference in rt6_device_match Function 冯嘉仪
-- strict thread matches above, loose matches on Subject: below --
2026-02-14 12:57 冯嘉仪
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox