Unrated severity · NVD Advisory · Published Jan 1, 2023 · Updated Aug 5, 2024

flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service

CVE-2018-25062

Description

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the ipsec xfrm policy dump code in flar2 ElementalX on Nexus 9 allows denial of service via crafted Netlink messages.

Vulnerability

In the flar2 ElementalX kernel for Nexus 9, the function xfrm_dump_policy_done in net/xfrm/xfrm_user.c dereferences a pointer taken from cb->args[1] that has not been properly initialized. This occurs when an IPsec policy dump is aborted (e.g., via a Netlink message). The bug affects versions up to 6.x. The commit [1] fixes it by restructuring the walk pointer handling.

Exploitation

An attacker with the ability to send crafted Netlink messages to the kernel can trigger an aborted xfrm policy dump. The attacker does not need local access; sending from userspace is sufficient. The sequence is to initiate a policy dump, then abort it before completion. The kernel then calls xfrm_dump_policy_done, which accesses the uninitialized cb->args[1], causing a NULL pointer dereference and a crash.

Impact

Successful exploitation results in a denial of service (system crash) due to a kernel NULL pointer dereference. No privilege escalation or data disclosure is possible. The scope is limited to the kernel crash; the system becomes unavailable.

Mitigation

The fix is included in ElementalX version 7.00 for Nexus 9. Users should upgrade to version 7.00 or apply the patch commit 1df72c9f0f61304437f4f1037df03b5fb36d5a79. No workarounds are documented. The vulnerability is not on the CISA KEV list.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Flar2/Elementalx (llm-fuzzy), 2 versions: <=6.x + 1 more
    • (no CPE) range: <=6.x
    • (no CPE) range: 6.x

References

3
