{ "threat_severity" : "Moderate", "public_date" : "2025-11-12T00:00:00Z", "bugzilla" : { "description" : "kernel: ice: ice_adapter: release xa entry on adapter allocation failure", "id" : "2414741", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2414741" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nice: ice_adapter: release xa entry on adapter allocation failure\nWhen ice_adapter_new() fails, the reserved XArray entry created by\nxa_insert() is not released. This causes subsequent insertions at\nthe same index to return -EBUSY, potentially leading to\nNULL pointer dereferences.\nReorder the operations as suggested by Przemek Kitszel:\n1. Check if adapter already exists (xa_load)\n2. Reserve the XArray slot (xa_reserve)\n3. Allocate the adapter (ice_adapter_new)\n4. Store the adapter (xa_store)", "A NULL pointer dereference exists in the Linux kernel such that (ice: ice_adapter) fails to release a reserved XArray entry when ice_adapter_new() fails. As a result, subsequent insertions at the same index may return -EBUSY, which can lead to damage to system availability, integrity, and confidentiality." ], "statement" : "ice_adapter_get() leaked a reserved XArray entry on adapter allocation failure, causing subsequent inserts to fail and potentially leading to a NULL pointer dereference. Impact is local DoS in the Intel ICE driver initialization path. Practical triggering typically requires privileged control over PCI/driver binding (hence for the CVSS the PR:H).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-12-09T00:00:00Z", "advisory" : "RHSA-2025:22854", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.20.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-12-01T00:00:00Z", "advisory" : "RHSA-2025:22405", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.11.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-12-01T00:00:00Z", "advisory" : "RHSA-2025:22405", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.11.1.el9_7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40185\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40185\nhttps://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40185-0689@gregkh/T" ], "name" : "CVE-2025-40185", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }