Linux Kernel PCI NULL Pointer Dereference Vulnerability in SR-IOV VF Creation Error Path

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's PCI subsystem, specifically during the creation of Virtual Functions (VFs) in Single Root I/O Virtualization (SR-IOV) environments. This issue arises when the error handling flow fails to properly manage device removal, leading to a kernel oops caused by accessing partially initialized virtual function devices. The vulnerability has been addressed by improving the error handling process, ensuring that proper cleanup is performed when setting up virtual functions, thus preventing NULL pointer dereferences during device removal.

Impact

Exploitation of this vulnerability leads to a kernel NULL pointer dereference, causing a system crash.
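For triage, it helps to know which PCI functions on a host actually use the VF creation path described above. The following is an added example, not part of the advisory: it reads the standard Linux sysfs attributes sriov_totalvfs and sriov_numvfs, and the function name sriov_inventory and its optional sysfs-root argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: inventory SR-IOV state from sysfs.
# sriov_totalvfs / sriov_numvfs are standard Linux PCI sysfs attributes;
# the function name and the optional root argument are choices of this example.

# Prints one line per SR-IOV capable physical function:
#   <BDF> total=<max VFs> enabled=<current VFs> driver=<name|none>
# Returns 0 if at least one function has VFs enabled, 1 otherwise.
sriov_inventory() {
    root="${1:-/sys}"
    found=1
    for dev in "$root"/bus/pci/devices/*; do
        # Only physical functions with the SR-IOV capability expose this file.
        [ -r "$dev/sriov_totalvfs" ] || continue
        total=$(cat "$dev/sriov_totalvfs")
        enabled=$(cat "$dev/sriov_numvfs" 2>/dev/null || echo 0)
        # Treat an empty or non-numeric value as "no VFs enabled".
        case "$enabled" in
            ''|*[!0-9]*) enabled=0 ;;
        esac
        # The driver symlink names the PF driver that would create the VFs.
        if [ -L "$dev/driver" ]; then
            driver=$(basename "$(readlink "$dev/driver")")
        else
            driver=none
        fi
        printf '%s total=%s enabled=%s driver=%s\n' \
            "$(basename "$dev")" "$total" "$enabled" "$driver"
        if [ "$enabled" -gt 0 ]; then
            found=0
        fi
    done
    return "$found"
}
```

Source the file and call `sriov_inventory` with no argument to read the live /sys tree. A function listed with enabled=0 is still SR-IOV capable, so VFs can be created on it later.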

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.