A null pointer dereference in the Linux kernel can be exploited to access a system at root privilege level. The hole is reportedly contained in pipe.c and can occur in certain circumstances when using the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions while releasing a mutex (mutual exclusion) too early
However, like previous null pointer dereference issues in the Linux kernel, the vulnerability can only be exploited if the kernel's mmap_min_addr system variable is set to 0. mmap_min_addr describes the lowest virtual address a process can use for mapping. If it is greater than 0, exploits that involve a null-valued pointer to this address won't work. However, as this will also cause certain open source applications like Wine and DOSEMU to malfunction, distributors such as Red Hat and Debian set the respective value to 0 by default. Red Hat has already released updated packages to close the hole. Debian offers instructions on how to change the variable. In Ubuntu, mmap_min_addr is set to 65535, which renders exploits ineffective.
The link for this article located at H Security is no longer available.