Linux Kernel NULL Dereference Vulnerability in net: sxgbe Driver

Vulnerability

A potential NULL pointer dereference has been identified in the Linux kernel's net: sxgbe driver. The issue arises when the receive buffer (skb) is NULL: the driver logs an error but then dereferences the skb on the following line. The fix changes the error handling so that the NULL skb is never dereferenced, in line with what other drivers do.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a crash or undefined behavior in the driver.

Reproduction

The vulnerability can be reproduced by using the net: sxgbe driver in a scenario where the receive buffer (skb) is NULL. This can be simulated by creating a receive descriptor that does not point to a valid buffer, which triggers the error logging followed by the NULL dereference.
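The log-then-dereference pattern from the Vulnerability section, and the descriptor-without-buffer condition described above, can be modelled in user space. The following is an added example, not the sxgbe driver's code or the upstream patch. All names (struct buf, struct rx_ring, rx_poll) are hypothetical, the ring contents are constructed, and stopping the poll loop on a NULL slot is an assumed handling choice.

```c
/* User-space model of an RX ring; every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define RING_SIZE 4

struct buf { unsigned char data[64]; size_t len; };   /* stand-in for an skb */
struct rx_ring {
    struct buf *slot[RING_SIZE];   /* buffer attached to each descriptor */
    unsigned int cur;              /* next descriptor to process */
    unsigned long rx_bytes, rx_errors;
};

/* Vulnerable shape described in the advisory: log, then fall through.
 *     if (!b)
 *         fprintf(stderr, "...");        // error is only reported
 *     r->rx_bytes += b->len;             // NULL dereference when b == NULL
 */

/* Hardened shape: the NULL check decides control flow, not just logging. */
int rx_poll(struct rx_ring *r, int budget)
{
    int done = 0;

    while (done < budget) {
        unsigned int entry = r->cur % RING_SIZE;
        struct buf *b = r->slot[entry];
        if (!b) {
            fprintf(stderr, "rx: descriptor %u has no buffer\n", entry);
            r->rx_errors++;
            break;                 /* assumption: stop until the ring is refilled */
        }
        r->rx_bytes += b->len;     /* safe: b is known non-NULL here */
        r->slot[entry] = NULL;     /* buffer handed up the stack */
        r->cur++;
        done++;
    }
    return done;
}

int main(void)
{
    struct buf a = { .len = 60 }, c = { .len = 40 };
    struct rx_ring r = { .slot = { &a, &c, NULL, NULL } };  /* constructed ring */
    int n = rx_poll(&r, 4);
    printf("processed=%d bytes=%lu errors=%lu\n", n, r.rx_bytes, r.rx_errors);
    return (n == 2 && r.rx_errors == 1) ? 0 : 1;
}
```

The same review check applies to any receive path: an error branch that only logs and does not return, break or continue leaves the pointer use that follows it reachable.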

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 16, 2025, 6:20 PM
Updated: Dec 16, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.