-

CVE-2026-53007

ice: fix potential NULL pointer deref in error path of ice_set_ringparam()

In the Linux kernel, the following vulnerability has been resolved:

ice: fix potential NULL pointer deref in error path of ice_set_ringparam()

ice_set_ringparam nullifies tstamp_ring of temporary tx_rings, without
clearing ICE_TX_RING_FLAGS_TXTIME bit.
When ICE_TX_RING_FLAGS_TXTIME is set and the subsequent
ice_setup_tx_ring() call fails, a NULL pointer dereference could happen
in the unwinding sequence:

ice_clean_tx_ring()
-> ice_is_txtime_cfg() == true (ICE_TX_RING_FLAGS_TXTIME is set)
-> ice_free_tx_tstamp_ring()
  -> ice_free_tstamp_ring()
    -> tstamp_ring->desc (NULL deref)

Clear ICE_TX_RING_FLAGS_TXTIME bit to avoid the potential issue.

Note that this potential issue is found by manual code review.
Compile test only since unfortunately I don't have E830 devices.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version ccde82e909467abdf098a8ee6f63e1ecf9a47ce5
Version < c54e3c270384829336b2526033d44ce1aa6dc67c
Status affected
Version ccde82e909467abdf098a8ee6f63e1ecf9a47ce5
Version < fa28351f970fa5138c7c5dedfe5dea480a0ee065
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.18
Status affected
Version 0
Version < 6.18
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/c54e3c270384829336b2526033d44ce1aa6dc67c
https://git.kernel.org/stable/c/fa28351f970fa5138c7c5dedfe5dea480a0ee065