CVE-2025-39814
- Source
- https://cve.org/CVERecord?id=CVE-2025-39814
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39814.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-39814
- Downstream
- Related
- Published
- 2025-09-16T13:00:15.552Z
- Modified
- 2026-04-02T12:48:10.022682Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ice: fix NULL pointer dereference in iceunplugaux_dev() on reset
Issuing a reset when the driver is loaded without RDMA support, will results in a crash as it attempts to remove RDMA's non-existent auxbus device: echo 1 > /sys/class/net/<if>/device/reset
BUG: kernel NULL pointer dereference, address: 0000000000000008 ... RIP: 0010:iceunplugauxdev+0x29/0x70 [ice] ... Call Trace: <TASK> iceprepareforreset+0x77/0x260 [ice] pcidevsaveanddisable+0x2c/0x70 pciresetfunction+0x88/0x130 resetstore+0x5a/0xa0 kernfsfopwriteiter+0x15e/0x210 vfswrite+0x273/0x520 ksyswrite+0x6b/0xe0 dosyscall64+0x79/0x3b0 entrySYSCALL64afterhwframe+0x76/0x7e
iceunplugauxdev() checks pf->cdevinfo->adev for NULL pointer, but pf->cdev_info will also be NULL, leading to the deref in the trace above.
Introduce a flag to be set when the creation of the auxbus device is successful, to avoid multiple NULL pointer checks in iceunplugaux_dev().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39814.json" }- References
-
- https://git.kernel.org/stable/c/60dfe2434eed13082f26eb7409665dfafb38fa51
- https://git.kernel.org/stable/c/db783756a7d7cfaea039411971d0dc0a374e85cb
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39814.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39814
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git