CVE-2025-40185
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | ice_adapter | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ice driver where, if the function ice_adapter_new() fails during adapter allocation, a reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same index to fail with an -EBUSY error, which can potentially lead to NULL pointer dereferences. The issue is related to improper handling of the XArray reservation and allocation sequence.
How can this vulnerability impact me? :
The vulnerability can cause failures in adapter allocation within the Linux kernel, leading to errors when inserting entries into the XArray. This may result in NULL pointer dereferences, which can cause system instability or crashes, potentially impacting system reliability and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue is fixed by applying the patch that reorders the operations in ice_adapter allocation as described: check if adapter exists (xa_load), reserve the XArray slot (xa_reserve), allocate the adapter (ice_adapter_new), and then store the adapter (xa_store). This prevents the reserved XArray entry from leaking and avoids subsequent errors.