Primary

Context

Linux Kernel igb Driver NULL Pointer Dereference Vulnerability in Ethtool Loopback Test

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in the Linux kernel's igb driver, specifically during the ethtool loopback test. This issue arises because the test ring is not associated with a q_vector, as interrupts are usually not applied to test rings. The vulnerability was introduced when the napi_id assignment was removed from the XDP (eXpress Data Path) receive queue registration function, creating an unnecessary requirement to pass a napi_id. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.

Added: Sep 23, 2025, 6:30 AM

Updated: Sep 23, 2025, 6:30 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel igb Driver NULL Pointer Dereference Vulnerability in Ethtool Loopback Test

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating