CVE-2025-68213
- Source
- https://cve.org/CVERecord?id=CVE-2025-68213
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68213.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-68213
- Downstream
- Published
- 2025-12-16T13:57:09.046Z
- Modified
- 2026-03-13T04:08:20.315080Z
- Summary
- idpf: fix possible vport_config NULL pointer deref in remove
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix possible vport_config NULL pointer deref in remove
Attempting to remove the driver will cause a crash in cases where the vport failed to initialize. Following trace is from an instance where the driver failed during an attempt to create a VF: [ 1661.543624] idpf 0000:84:00.7: Device HW Reset initiated [ 1722.923726] idpf 0000:84:00.7: Transaction timed-out (op:1 cookie:2900 vcop:1 salt:29 timeout:60000ms) [ 1723.353263] BUG: kernel NULL pointer dereference, address: 0000000000000028 ... [ 1723.358472] RIP: 0010:idpfremove+0x11c/0x200 [idpf] ... [ 1723.364973] Call Trace: [ 1723.365475] <TASK> [ 1723.365972] pcideviceremove+0x42/0xb0 [ 1723.366481] devicereleasedriverinternal+0x1a9/0x210 [ 1723.366987] pcistopbusdevice+0x6d/0x90 [ 1723.367488] pcistopandremovebusdevice+0x12/0x20 [ 1723.367971] pciiovremovevirtfn+0xbd/0x120 [ 1723.368309] sriovdisable+0x34/0xe0 [ 1723.368643] idpfsriovconfigure+0x58/0x140 [idpf] [ 1723.368982] sriovnumvfs_store+0xda/0x1c0
Avoid the NULL pointer dereference by adding NULL pointer check for vportconfig[i], before freeing userconfig.q_coalesce.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68213.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/118082368c2b6ddefe6cb607efc312285148f044
- https://git.kernel.org/stable/c/a0e1c9bc1c9fe735978150ad075616a728073bc7
- https://git.kernel.org/stable/c/d5be8663cff0ba7b94da34ebd499ce1123b4c334
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68213.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68213
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbd80fbf3ed250ca98923780dab5e634db5d2f828Fixeda0e1c9bc1c9fe735978150ad075616a728073bc7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede1e3fec3e34b4934a9d2c98e4ee00a4d87b19179Fixedd5be8663cff0ba7b94da34ebd499ce1123b4c334Fixed118082368c2b6ddefe6cb607efc312285148f044
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected5e87b3145578a169839e456fa0aba86e123d2d8eLast affectedba11b0f3e9a97661f6caeee3dfc633af8ecee5a5