CVE-2025-39814
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset Issuing a reset when the driver is loaded without RDMA support, will results in a crash as it attempts to remove RDMA's non-existent auxbus device: echo 1 > /sys/class/net/<if>/device/reset BUG: kernel NULL pointer dereference, address: 0000000000000008 ... RIP: 0010:ice_unplug_aux_dev+0x29/0x70 [ice] ... Call Trace: <TASK> ice_prepare_for_reset+0x77/0x260 [ice] pci_dev_save_and_disable+0x2c/0x70 pci_reset_function+0x88/0x130 reset_store+0x5a/0xa0 kernfs_fop_write_iter+0x15e/0x210 vfs_write+0x273/0x520 ksys_write+0x6b/0xe0 do_syscall_64+0x79/0x3b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ice_unplug_aux_dev() checks pf->cdev_info->adev for NULL pointer, but pf->cdev_info will also be NULL, leading to the deref in the trace above. Introduce a flag to be set when the creation of the auxbus device is successful, to avoid multiple NULL pointer checks in ice_unplug_aux_dev().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-02
Generated
2026-05-07
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39814
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.16 (inc) to 6.16.5 (exc)
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a NULL pointer dereference in the Linux kernel's ice driver, specifically in the function ice_unplug_aux_dev() during a device reset. When the driver is loaded without RDMA support, issuing a reset causes the driver to attempt to remove a non-existent RDMA auxiliary bus device, leading to a crash due to dereferencing a NULL pointer.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash when resetting the network device managed by the ice driver without RDMA support. This results in a denial of service as the system or network interface may become unstable or unresponsive.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel crash logs indicating a NULL pointer dereference in the ice_unplug_aux_dev() function. Specifically, look for kernel BUG messages and call traces involving ice_unplug_aux_dev, ice_prepare_for_reset, and pci_reset_function. You can also test the vulnerability by issuing the command: echo 1 > /sys/class/net/<if>/device/reset (replace <if> with the network interface name) on a system running the affected driver without RDMA support, which may cause a crash if vulnerable.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves avoiding issuing a reset command (echo 1 > /sys/class/net/<if>/device/reset) on interfaces using the ice driver without RDMA support until the driver is updated with the fix. Applying the vendor or kernel update that includes the patch introducing a flag to prevent NULL pointer dereference in ice_unplug_aux_dev() is the recommended permanent fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart