
CVE-2025-68213

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix possible vport_config NULL pointer deref in remove

Attempting to remove the driver will cause a crash in cases where
the vport failed to initialize. Following trace is from an instance where
the driver failed during an attempt to create a VF:
[ 1661.543624] idpf 0000:84:00.7: Device HW Reset initiated
[ 1722.923726] idpf 0000:84:00.7: Transaction timed-out (op:1 cookie:2900 vc_op:1 salt:29 timeout:60000ms)
[ 1723.353263] BUG: kernel NULL pointer dereference, address: 0000000000000028
...
[ 1723.358472] RIP: 0010:idpf_remove+0x11c/0x200 [idpf]
...
[ 1723.364973] Call Trace:
[ 1723.365475]  <TASK>
[ 1723.365972]  pci_device_remove+0x42/0xb0
[ 1723.366481]  device_release_driver_internal+0x1a9/0x210
[ 1723.366987]  pci_stop_bus_device+0x6d/0x90
[ 1723.367488]  pci_stop_and_remove_bus_device+0x12/0x20
[ 1723.367971]  pci_iov_remove_virtfn+0xbd/0x120
[ 1723.368309]  sriov_disable+0x34/0xe0
[ 1723.368643]  idpf_sriov_configure+0x58/0x140 [idpf]
[ 1723.368982]  sriov_numvfs_store+0xda/0x1c0

Avoid the NULL pointer dereference by adding NULL pointer check for
vport_config[i], before freeing user_config.q_coalesce.
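The teardown pattern described above, as an added userspace model in C (not the kernel patch and not idpf driver code). The names `vport_config`, `user_config` and `q_coalesce` come from the description; the struct layouts, `MAX_VPORTS`, `model_init` and `model_remove` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_VPORTS 4 /* constructed size for this model */

/* Userspace model; these layouts are assumptions, not the idpf driver's. */
struct q_coalesce { int tx_itr, rx_itr; };
struct user_config { struct q_coalesce *q_coalesce; };
struct vport_config { struct user_config user_config; };
struct adapter { struct vport_config *vport_config[MAX_VPORTS]; };

/* Allocate the first n_ok slots; the rest stay NULL, as after a failed init. */
static int model_init(struct adapter *a, int n_ok)
{
    *a = (struct adapter){0};
    for (int i = 0; i < MAX_VPORTS && i < n_ok; i++) {
        a->vport_config[i] = calloc(1, sizeof(*a->vport_config[i]));
        if (!a->vport_config[i])
            return -1;
        a->vport_config[i]->user_config.q_coalesce =
            calloc(1, sizeof(struct q_coalesce));
    }
    return 0;
}

/* Teardown with the guard: a slot that was never allocated is skipped.
 * Without the check, the loop would read user_config through a NULL pointer. */
static int model_remove(struct adapter *a)
{
    int released = 0;

    for (int i = 0; i < MAX_VPORTS; i++) {
        if (!a->vport_config[i])
            continue;
        free(a->vport_config[i]->user_config.q_coalesce);
        free(a->vport_config[i]);
        a->vport_config[i] = NULL;
        released++;
    }
    return released;
}

int main(void)
{
    struct adapter a;

    model_init(&a, 1); /* only slot 0 is set up, slots 1..3 stay NULL */
    printf("released %d of %d slots\n", model_remove(&a), MAX_VPORTS);
    return 0;
}
```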
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Linux
Product Linux
Default status unaffected
Version < a0e1c9bc1c9fe735978150ad075616a728073bc7
Version bd80fbf3ed250ca98923780dab5e634db5d2f828
Status affected
Version < d5be8663cff0ba7b94da34ebd499ce1123b4c334
Version e1e3fec3e34b4934a9d2c98e4ee00a4d87b19179
Status affected
Version < 118082368c2b6ddefe6cb607efc312285148f044
Version e1e3fec3e34b4934a9d2c98e4ee00a4d87b19179
Status affected
Version 5e87b3145578a169839e456fa0aba86e123d2d8e
Status affected
Version ba11b0f3e9a97661f6caeee3dfc633af8ecee5a5
Status affected
Vendor Linux
Product Linux
Default status affected
Version 6.17
Status affected
Version < 6.17
Version 0
Status unaffected
Version <= 6.12.*
Version 6.12.60
Status unaffected
Version <= 6.17.*
Version 6.17.10
Status unaffected
Version <= *
Version 6.18
Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.057
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
No CWE information has been published yet.