NULL Pointer Dereference in Linux Kernel Ice Driver
CVE-2025-39814

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-39814?

A vulnerability exists in the Linux kernel's ice driver that can lead to a NULL pointer dereference when a reset is issued without RDMA support. This occurs during the execution of the ice_unplug_aux_dev() function, which incorrectly handles the removal of the auxbus device when it is not present. The root cause lies in the absence of adequate checks for NULL pointers in the code, specifically in pf->cdev_info. When the driver attempts to reset, it can crash the system due to the NULL dereference, underscoring the importance of maintaining updated kernel versions that address this issue.

Affected Version(s)

Linux c24a65b6a27c78d8540409800886b6622ea86ebf

Linux c24a65b6a27c78d8540409800886b6622ea86ebf < 60dfe2434eed13082f26eb7409665dfafb38fa51

Linux 6.16

References

https://git.kernel.org/stable/c/db783756a7d7cfaea03941197...

https://git.kernel.org/stable/c/60dfe2434eed13082f26eb740...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025