Null Pointer Dereference in Linux Kernel Affecting Ice Networking Driver
CVE-2025-38664

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38664?

A vulnerability exists in the Ice networking driver of the Linux kernel due to a potential null pointer dereference in the function ice_copy_and_init_pkg(). The issue arises from a missing check on the return value of devm_kmemdup(), which can result in undefined behavior or crashes. This flaw could compromise system stability or lead to other unintended consequences if exploited. It's crucial for users and system administrators to apply the relevant updates to mitigate this risk.

Affected Version(s)

Linux c7648810961682b9388be2dd041df06915647445 < 1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b

Linux c7648810961682b9388be2dd041df06915647445 < 3028f2a4e746b499043bbb8ab816f975473a0535

Linux c7648810961682b9388be2dd041df06915647445 < 0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7

References

https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1...

https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab...

https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025