Primary

Context

Linux Kernel mlx4 Ethernet Driver NULL Pointer Dereference Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's mlx4 Ethernet driver can lead to a NULL pointer dereference. This issue arises in the 'mlx4_en_create_rx_ring' function, where a NULL check was improperly used after calling 'page_pool_create()'. The 'page_pool_create()' function can return error pointers, and the NULL check could result in an invalid pointer dereference. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected kernel module.

Added: Sep 19, 2025, 4:43 PM

Updated: Sep 19, 2025, 4:43 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel mlx4 Ethernet Driver NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating