NULL Dereference in Linux Kernel sxgbe Driver
CVE-2025-68302
What is CVE-2025-68302?
A vulnerability has been identified in the Linux kernel's sxgbe driver that may lead to a NULL pointer dereference when the skb (socket buffer) is NULL. In the affected code, the driver logs an error message but then dereferences skb on the next line, which can cause system instability or crashes. The fix adds a break statement after the error logging, so that execution skips the dereference and continues at sxgbe_rx_refill(). This matches the practice in other drivers, such as calxeda's xgmac_rx(). Users of the affected Linux kernel versions should ensure they have the latest updates to mitigate potential risks.
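The control flow described above, as an added user-space C model; it is not the sxgbe driver's source and not code from this advisory. `model_skb`, `model_ring`, `model_rx()` and `model_rx_refill()` are hypothetical stand-ins, the log text is constructed, and the unpatched path returns -1 at the point where the driver would dereference the NULL skb instead of actually faulting.

```c
#include <stdio.h>

#define RING_SIZE 4

/* Hypothetical stand-in for the kernel's struct sk_buff. */
struct model_skb { unsigned int len; };

struct model_ring {
    struct model_skb *slot[RING_SIZE]; /* NULL models the bad entry */
    unsigned int bytes;                /* payload bytes consumed */
    int refills;                       /* times the refill step ran */
};

/* Stand-in for the refill step the advisory names, sxgbe_rx_refill(). */
static void model_rx_refill(struct model_ring *r) { r->refills++; }

/*
 * Returns frames processed, or -1 when the walk reaches the dereference
 * with skb == NULL (where the real driver would fault).
 * break_on_null: 0 = log and carry on (unpatched), 1 = log and break.
 */
static int model_rx(struct model_ring *r, int break_on_null)
{
    int count = 0;
    for (int i = 0; i < RING_SIZE; i++) {
        struct model_skb *skb = r->slot[i];
        if (!skb) {
            fprintf(stderr, "model: NULL skb in slot %d\n", i);
            if (break_on_null)
                break;      /* patched flow: skip the dereference */
        }
        if (!skb)
            return -1;      /* unpatched flow: skb->len would oops here */
        r->bytes += skb->len;
        r->slot[i] = NULL;  /* slot now needs a fresh buffer */
        count++;
    }
    model_rx_refill(r);
    return count;
}

int main(void)
{
    struct model_skb a = { 60 }, b = { 1500 };  /* constructed sample frames */
    struct model_ring r = { { &a, NULL, &b, NULL }, 0, 0 };
    int n = model_rx(&r, 1);
    printf("frames=%d bytes=%u refills=%d\n", n, r.bytes, r.refills);
    return 0;
}
```

With the break in place, the frame ahead of the NULL slot is still delivered and the refill step still runs, so the loop degrades to a short poll rather than a crash.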
Affected Version(s)
Linux 1edb9ca69e8a7988900fc0283e10550b5592164d
Linux 1edb9ca69e8a7988900fc0283e10550b5592164d < 18ef3ad1bb57dcf1a9ee61736039aedccf670b21
Linux 1edb9ca69e8a7988900fc0283e10550b5592164d < 46e5332126596a2ca791140feab18ce1fc1a3c86