CVE-2026-23117
NULL Pointer Dereference in Linux ice Driver on devlink Reload

Publication date: 2026-02-14

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ice: add missing ice_deinit_hw() in devlink reinit path

devlink-reload results in ice_init_hw failed error, and then removing the ice driver causes a NULL pointer dereference.

[ +0.102213] ice 0000:ca:00.0: ice_init_hw failed: -16
...
[ +0.000001] Call Trace:
[ +0.000003] <TASK>
[ +0.000006] ice_unload+0x8f/0x100 [ice]
[ +0.000081] ice_remove+0xba/0x300 [ice]

Commit 1390b8b3d2be ("ice: remove duplicate call to ice_deinit_hw() on error paths") removed ice_deinit_hw() from ice_deinit_dev(). As a result ice_devlink_reinit_down() no longer calls ice_deinit_hw(), but ice_devlink_reinit_up() still calls ice_init_hw(). Since the control queues are not uninitialized, ice_init_hw() fails with -EBUSY.

Add ice_deinit_hw() to ice_devlink_reinit_down() to correspond with ice_init_hw() in ice_devlink_reinit_up().

Meta Information
Published: 2026-02-14
Last Modified: 2026-03-18
Generated: 2026-05-07
AI Q&A: 2026-02-14
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 7 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   6.19
linux    linux_kernel   6.19
linux    linux_kernel   6.19
linux    linux_kernel   6.19
linux    linux_kernel   6.19
linux    linux_kernel   6.19
linux    linux_kernel   From 6.18.2 (inc) to 6.18.8 (exc)

CWE ID    Description
CWE-476   The product dereferences a pointer that it expects to be valid but is NULL.

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's ice driver, which manages certain Intel network devices. Commit 1390b8b3d2be removed the ice_deinit_hw() call from ice_deinit_dev(), so ice_devlink_reinit_down() no longer deinitializes the hardware during a devlink reload. Because the control queues are left initialized, the ice_init_hw() call in ice_devlink_reinit_up() fails with -EBUSY (-16). Removing the ice driver after that failure triggers a NULL pointer dereference, which can crash the system or leave it unstable.


How can this vulnerability impact me?

The impact of this vulnerability is that performing a devlink reload on the affected ice driver can cause the initialization to fail and subsequently cause a NULL pointer dereference when the driver is removed. This can lead to system instability or crashes, potentially disrupting network connectivity or causing downtime on systems using the affected Intel network devices.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing error messages related to the ice driver in the system logs, specifically messages indicating that ice_init_hw failed with error -16 and subsequent call traces involving ice_unload and ice_remove.

You can check the system logs for these errors using commands such as:

  • dmesg | grep ice
  • journalctl -k | grep ice
  • grep -i 'ice_init_hw failed' /var/log/syslog
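
The log signature described above, as an added example that is not part of the original page: a shell function that looks for the specific `ice_init_hw failed: -16` line and the `ice_unload`/`ice_remove` frames rather than every line containing "ice". The function names, output labels and the sample log (constructed from the excerpt in the description plus one unrelated line) are assumptions.

```shell
#!/bin/sh
# Added example: match the CVE-2026-23117 log signature, not every "ice" line.
# Output labels (INIT_FAILED, REMOVE_TRACE) are this example's own convention.

# Reads kernel log text from stdin or from files given as arguments.
# Exit status: 0 if the failed-reinit line was seen, 1 otherwise.
scan_ice_reload_log() {
    awk '
    # Stage 1: ice_init_hw() returned -EBUSY (-16) for a PCI function.
    match($0, /ice [0-9a-f]+:[0-9a-f]+:[0-9a-f]+\.[0-9a-f]+: ice_init_hw failed: -16/) {
        dev = substr($0, RSTART + 4)
        sub(/: ice_init_hw.*/, "", dev)
        nfail++
        print "INIT_FAILED " dev
        next
    }
    # Stage 2: frames from driver removal, counted only after stage 1.
    nfail && /ice_unload\+0x[0-9a-f]+\/0x[0-9a-f]+ \[ice\]/ { unload = 1 }
    nfail && /ice_remove\+0x[0-9a-f]+\/0x[0-9a-f]+ \[ice\]/ { remove = 1 }
    END {
        if (unload && remove)
            print "REMOVE_TRACE ice_unload/ice_remove after failed reinit"
        exit (nfail ? 0 : 1)
    }' "$@"
}

# Constructed sample: the excerpt from the description plus one unrelated
# line that a plain "grep ice" would also match ("device").
sample_log() {
    cat <<'EOF'
[  +0.000010] usb 1-1: new USB device found
[  +0.102213] ice 0000:ca:00.0: ice_init_hw failed: -16
[  +0.000001] Call Trace:
[  +0.000003]  <TASK>
[  +0.000006]  ice_unload+0x8f/0x100 [ice]
[  +0.000081]  ice_remove+0xba/0x300 [ice]
EOF
}

sample_log | scan_ice_reload_log
```

On a live host, pipe `dmesg` or `journalctl -k` output into `scan_ice_reload_log` in place of the sample.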

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the ice driver is updated to a version that includes the fix where ice_deinit_hw() is properly called in the devlink reinit down path. This prevents the ice_init_hw() failure and the subsequent NULL pointer dereference.

If updating is not immediately possible, avoid performing devlink reload operations that trigger the ice driver reinitialization until the fix is applied.

