NULL Pointer Dereference in Linux Kernel's Ice Network Driver
CVE-2026-53289

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-53289?

A vulnerability exists in the Ice network driver within the Linux kernel, specifically related to the ice_reset_all_vfs() function. When the VSI (Virtual Switch Interface) rebuild fails, important return values are ignored, leading to a NULL pointer dereference during an invocation of ice_vf_post_vsi_rebuild(). This fault can occur after a failed VLAN redesign requiring a network firmware update, causing kernel instability and potential crashes. The resolution applied ensures that failures in rebuilding the VSI do not result in an unsafe state, enhancing system reliability during network operations.

Affected Version(s)

Linux 12bb018c538c3b9a050f69f62fa09fa6c9160bca

Linux 12bb018c538c3b9a050f69f62fa09fa6c9160bca < 3ad2471e61e9f0c4d25046d08e3d747501c3b0dd

Linux 12bb018c538c3b9a050f69f62fa09fa6c9160bca < 4c2ac52eeeb672624b06c7a135301d7b8a21d52e

References

https://git.kernel.org/stable/c/acc76b97902757b63ba5136f7...

https://git.kernel.org/stable/c/3ad2471e61e9f0c4d25046d08...

https://git.kernel.org/stable/c/4c2ac52eeeb672624b06c7a13...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53289 Data

JSON