[BUG] Potential Null Pointer Dereference in rt6_device_match Function

Next message: Xukai Wang: "[PATCH v11 2/3] clk: canaan: Add clock driver for Canaan K230"
Previous message: Xukai Wang: "[PATCH v11 1/3] dt-bindings: clock: Add bindings for Canaan K230 clock controller"
In reply to: &#x51AF;&#x5609;&#x4EEA;: "[BUG] Potential Null Pointer Dereference in rt6_device_match Function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: 冯嘉仪

Date: Sat Feb 14 2026 - 07:58:47 EST

Dear Maintainer,

Our team recently developed a null-pointer-dereference (NPD) vulnerability detection tool, and we used it to scan the Linux Kernel (version 6.9.6). After manual review, we identified a potentially vulnerable code snippet that could lead to a null-pointer dereference bug. We would appreciate your expert insight to confirm whether this vulnerability could indeed pose a risk to the system.

Vulnerability Description:
File: net/ipv6/route.c
In the function rt6_device_match, we found the following line of code:

if (nh->fib_nh_flags & RTNH_F_DEAD) {

The issue arises because the nh pointer may be passed as NULL in certain situations. Since nh is NULL, accessing nh->fib_nh_flags in the statement could result in a null-pointer dereference.

Proposed Fix:
To prevent the potential null-pointer dereference, we suggest adding a NULL check for the nh pointer before attempting to dereference nh->fib_nh_flags in the line.

Request for Review:
We would appreciate your expert insight to confirm whether this vulnerability indeed poses a risk to the system, and if the proposed fix is appropriate. If there are reasons why this issue does not present a real risk (e.g., the NULL check is redundant or unnecessary), we would be grateful for clarification.

Thank you for your time and consideration.