CVE-2025-68302
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: sxgbe: fix potential NULL dereference in sxgbe_rx() Currently, when skb is null, the driver prints an error and then dereferences skb on the next line. To fix this, let's add a 'break' after the error message to switch to sxgbe_rx_refill(), which is similar to the approach taken by the other drivers in this particular case, e.g. calxeda with xgmac_rx(). Found during a code review.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68302
EUVD
EUVD-2025-203778
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Apply the patch or update to the Linux kernel version that includes the fix for the sxgbe driver to prevent the NULL dereference issue. This involves ensuring your system is updated with the latest kernel that contains the fix where a 'break' statement is added after the error message to avoid dereferencing a null skb.

Executive Summary

This vulnerability is a potential NULL pointer dereference in the Linux kernel's sxgbe network driver. When the skb (socket buffer) is null, the driver prints an error but then proceeds to dereference the null skb, which can cause a crash or undefined behavior. The fix involves adding a break statement after the error message to avoid dereferencing the null pointer and instead switch to a safe refill function.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or behave unpredictably due to a NULL pointer dereference in the network driver. This may lead to denial of service or system instability when the affected driver encounters a null skb.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68302. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart