{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-14T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild",
    "id" : "2439895",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2439895"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nice: Fix PTP NULL pointer dereference during VSI rebuild\nFix race condition where PTP periodic work runs while VSI is being\nrebuilt, accessing NULL vsi->rx_rings.\nThe sequence was:\n1. ice_ptp_prepare_for_reset() cancels PTP work\n2. ice_ptp_rebuild() immediately queues PTP work\n3. VSI rebuild happens AFTER ice_ptp_rebuild()\n4. PTP work runs and accesses NULL vsi->rx_rings\nFix: Keep PTP work cancelled during rebuild, only queue it after\nVSI rebuild completes in ice_rebuild().\nAdded ice_ptp_queue_work() helper function to encapsulate the logic\nfor queuing PTP work, ensuring it's only queued when PTP is supported\nand the state is ICE_PTP_READY.\nError log:\n[  121.392544] ice 0000:60:00.1: PTP reset successful\n[  121.392692] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  121.392712] #PF: supervisor read access in kernel mode\n[  121.392720] #PF: error_code(0x0000) - not-present page\n[  121.392727] PGD 0\n[  121.392734] Oops: Oops: 0000 [#1] SMP NOPTI\n[  121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S                  6.19.0-rc6+ #4 PREEMPT(voluntary)\n[  121.392761] Tainted: [S]=CPU_OUT_OF_SPEC\n[  121.392773] RIP: 0010:ice_ptp_update_cached_phctime+0xbf/0x150 [ice]\n[  121.393042] Call Trace:\n[  121.393047]  <TASK>\n[  121.393055]  ice_ptp_periodic_work+0x69/0x180 [ice]\n[  121.393202]  kthread_worker_fn+0xa2/0x260\n[  121.393216]  ? __pfx_ice_ptp_periodic_work+0x10/0x10 [ice]\n[  121.393359]  ? __pfx_kthread_worker_fn+0x10/0x10\n[  121.393371]  kthread+0x10d/0x230\n[  121.393382]  ? __pfx_kthread+0x10/0x10\n[  121.393393]  ret_from_fork+0x273/0x2b0\n[  121.393407]  ? __pfx_kthread+0x10/0x10\n[  121.393417]  ret_from_fork_asm+0x1a/0x30\n[  121.393432]  </TASK>", "A flaw was found in the Linux kernel's ice network driver. A local attacker could exploit a race condition during the Virtual Station Interface (VSI) rebuild process. This flaw occurs when the Precision Time Protocol (PTP) periodic work attempts to access uninitialized memory, leading to a NULL pointer dereference. Successful exploitation results in a system crash, causing a Denial of Service (DoS)." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-06T00:00:00Z",
    "advisory" : "RHSA-2026:6570",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.47.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-06T00:00:00Z",
    "advisory" : "RHSA-2026:6570",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.47.1.el9_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23210\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23210\nhttps://lore.kernel.org/linux-cve-announce/2026021439-CVE-2026-23210-7cac@gregkh/T" ],
  "name" : "CVE-2026-23210",
  "mitigation" : {
    "value" : "To mitigate this vulnerability, prevent the `ice` kernel module from loading. This can be achieved by creating a blacklist file for the module.\n1. Create a file named `/etc/modprobe.d/blacklist-ice.conf` with the following content:\n`blacklist ice`\n2. Regenerate the initramfs to ensure the blacklist is applied during boot:\n`dracut -f -v`\n3. Reboot the system for the changes to take effect.\nWarning: Blacklisting the `ice` module may impact network functionality if your system relies on network devices using this driver. Ensure this action is compatible with your system's requirements before proceeding.",
    "lang" : "en:us"
  },
  "csaw" : false
}