NULL pointer dereference bug

Published reports say that the fully updated Linux Kernel can be attacked.  The attack can occur on patches to the Linux kernel that has not been implemented yet in most distros.

Linux Kernel 2.6.30 and 2.6.31 Affected Only

The null reference bug vulnerability is located in several parts of Linux, including one that implements functions known as “tun”. The bug causes the tun variable to not be able to point to a NULL value.   If that occurs,  the variable points instead to zero, and then the kernel tries to access parts of memory that are forbidden, which can then lead to a compromise on the pc running that OS.

Exploit code written by a Linux developer, Brian Spengler demonstrated the bug and the potential for attack.  Within hours, a fix was available in the community.  Linus Torvalds, the creator of Linux, was apparently aware of the vulnerability but did not see it as posing a major threat.

Risk going forward?

The bigger issue and question on the minds of Linux users is who new when and what did they know?  The axiom of open source has always been full disclosure.  Was the bug known to the kernel developers before the potential risk was published?  What if any is the obligation of Open Source developers to divulge to their users on potential threats?  Fortunately this time, the risk was minimal, and the fix was quickly forthcoming.

Further reading on this topic:

Clever attack exploits fully-patched Linux kernel

Root exploit for Linux kernel published