Primary

Context

Linux Kernel Null Pointer Dereference Vulnerability in bnxt_en Component

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the Linux kernel's bnxt_en component. This issue arises in certain older firmware versions, where an uninitialized trace data type can lead to a crash. The vulnerability occurs in the bnxt_bs_trace_type_wrap() function, triggered by the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER event. The problem has been addressed by adding a check for a valid magic_byte pointer before the function proceeds, preventing the crash.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash in the affected system.

Added: Dec 16, 2025, 4:42 PM

Updated: Dec 16, 2025, 4:42 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

1.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

1.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Null Pointer Dereference Vulnerability in bnxt_en Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating