SB20251230236 - NULL pointer dereference in Linux kernel objtool
Published: December 30, 2025 Updated: December 30, 2025
Security Bulletin ID
SB20251230236
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-50879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dead_end_function() function in tools/objtool/check.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0af0e115ff59d638f45416a004cdd8edb38db40c
- https://git.kernel.org/stable/c/23a249b1185cdd5bfb6971d1608ba49e589f2288
- https://git.kernel.org/stable/c/38b9415abbd703438ebbc6fb74990bd0fbddc5b9
- https://git.kernel.org/stable/c/418ef921cce2d7415fab7e3e93529227f239e4bb
- https://git.kernel.org/stable/c/efb11fdb3e1a9f694fa12b70b21e69e55ec59c36
- https://git.kernel.org/stable/c/fcee8a2d4db404a93e690d79e7273b6ef9d33575
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3