DEBIAN-CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rxrings. The sequence was: 1. iceptpprepareforreset() cancels PTP work 2. iceptprebuild() immediately queues PTP work 3. VSI rebuild happens AFTER iceptprebuild() 4. PTP work runs and accesses NULL vsi->rxrings Fix: Keep PTP work cancelled during rebuild, only queue it after VSI rebuild completes in icerebuild(). Added iceptpqueuework() helper function to encapsulate the logic for queuing PTP work, ensuring it's only queued when PTP is supported and the state is ICEPTPREADY. Error log: [ 121.392544] ice 0000:60:00.1: PTP reset successful [ 121.392692] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 121.392712] #PF: supervisor read access in kernel mode [ 121.392720] #PF: errorcode(0x0000) - not-present page [ 121.392727] PGD 0 [ 121.392734] Oops: Oops: 0000 [#1] SMP NOPTI [ 121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S 6.19.0-rc6+ #4 PREEMPT(voluntary) [ 121.392761] Tainted: [S]=CPUOUTOFSPEC [ 121.392773] RIP: 0010:iceptpupdatecachedphctime+0xbf/0x150 [ice] [ 121.393042] Call Trace: [ 121.393047] <TASK> [ 121.393055] iceptpperiodicwork+0x69/0x180 [ice] [ 121.393202] kthreadworker_fn+0xa2/0x260 [ 121.393216] ? __pfxiceptpperiodicwork+0x10/0x10 [ice] [ 121.393359] ? __pfxkthreadworker_fn+0x10/0x10 [ 121.393371] kthread+0x10d/0x230 [ 121.393382] ? __pfxkthread+0x10/0x10 [ 121.393393] retfrom_fork+0x273/0x2b0 [ 121.393407] ? __pfxkthread+0x10/0x10 [ 121.393417] retfromforkasm+0x1a/0x30 [ 121.393432] </TASK>