{ "threat_severity" : "Moderate", "public_date" : "2025-06-18T00:00:00Z", "bugzilla" : { "description" : "kernel: idpf: fix null-ptr-deref in idpf_features_check", "id" : "2373362", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373362" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nidpf: fix null-ptr-deref in idpf_features_check\nidpf_features_check is used to validate the TX packet. skb header\nlength is compared with the hardware supported value received from\nthe device control plane. The value is stored in the adapter structure\nand to access it, vport pointer is used. During reset all the vports\nare released and the vport pointer that the netdev private structure\npoints to is NULL.\nTo avoid null-ptr-deref, store the max header length value in netdev\nprivate structure. This also helps to cache the value and avoid\naccessing adapter pointer in hot path.\nBUG: kernel NULL pointer dereference, address: 0000000000000068\n...\nRIP: 0010:idpf_features_check+0x6d/0xe0 [idpf]\nCall Trace:\n\n? __die+0x23/0x70\n? page_fault_oops+0x154/0x520\n? exc_page_fault+0x76/0x190\n? asm_exc_page_fault+0x26/0x30\n? idpf_features_check+0x6d/0xe0 [idpf]\nnetif_skb_features+0x88/0x310\nvalidate_xmit_skb+0x2a/0x2b0\nvalidate_xmit_skb_list+0x4c/0x70\nsch_direct_xmit+0x19d/0x3a0\n__dev_queue_xmit+0xb74/0xe70\n...", "A flaw was found in the idpf module in the Linux kernel. A null pointer dereference can be triggered when the driver attempts to use a resource that has already been released, resulting in a denial of service." ], "statement" : "This issue has been fixed in Red Hat Enterprise Linux 8.10 and 9.4 via RHSA-2025:9580 [1] and RHSA-2024:2394 [2], respectively.\n[1]. https://access.redhat.com/errata/RHSA-2025:9580\n[2]. https://access.redhat.com/errata/RHSA-2024:2394", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-06-25T00:00:00Z", "advisory" : "RHSA-2025:9581", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.58.1.rt7.399.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-06-25T00:00:00Z", "advisory" : "RHSA-2025:9580", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.58.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38053\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38053\nhttps://lore.kernel.org/linux-cve-announce/2025061832-CVE-2025-38053-e145@gregkh/T" ], "name" : "CVE-2025-38053", "csaw" : false }