NULL Pointer Vulnerability in Linux Kernel - Affects Ice Driver
CVE-2025-38526

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 August 2025

What is CVE-2025-38526?

A vulnerability exists in the ice driver of the Linux kernel due to a lack of checks on the lag->upper_netdev variable, which can lead to a NULL pointer dereference error. When the function ice_lag_is_switchdev_running() is invoked outside its intended LAG event handler context, it may encounter a NULL reference. This oversight necessitates the implementation of an appropriate NULL check before dereferencing the variable to ensure system stability and security.

Affected Version(s)

Linux 776fe19953b0e0af00399e50fb3b205101d4b3c1 < 27591d926191e42b2332e4bad3bcd3a49def393b

Linux 776fe19953b0e0af00399e50fb3b205101d4b3c1 < 5a5d64f0eec82076b2c09fee2195d640cfbe3379

Linux 776fe19953b0e0af00399e50fb3b205101d4b3c1 < 245917d3c5ed7c6ae720302b64eac5c6f0c85177

References

https://git.kernel.org/stable/c/27591d926191e42b2332e4bad...
https://git.kernel.org/stable/c/5a5d64f0eec82076b2c09fee2...
https://git.kernel.org/stable/c/245917d3c5ed7c6ae720302b6...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38526 : NULL Pointer Vulnerability in Linux Kernel - Affects Ice Driver