Linux Kernel ibmvnic Driver NULL Pointer Dereference Vulnerability

Vulnerability

A race condition has been identified in the Linux kernel's ibmvnic driver, specifically between the transmit and reset processes. This race can cause the transmit function to access a transmission descriptor that has already been freed, leading to a NULL pointer dereference. The issue arises when the transmit queue is restarted before a reset is fully completed, allowing a transmission to be processed with an invalid descriptor, which can cause a kernel crash.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, caused by the ibmvnic transmit function accessing a freed transmission descriptor during a reset process.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ibmvnic Driver NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating