Main Vulnerability Database SB2026032599

SB2026032599 - NULL Pointer Dereference in Linux kernel intel ice driver

Published: March 25, 2026

Security Bulletin ID SB2026032599

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL Pointer Dereference (CVE-ID: CVE-2026-23353)

The vulnerability allows a local user to cause a denial of service (system crash) due to a NULL pointer dereference.

The vulnerability exists due to improper initialization in the ice network driver's Rx ring when handling ethtool offline loopback tests. A local user can execute a specially crafted ethtool command to trigger a NULL pointer dereference, leading to a kernel crash.

The issue specifically occurs because the libeth interface is not initialized for the receive ring in loopback test virtual switch instances (VSI), resulting in a NULL pointer dereference during buffer allocation.

Remediation

Install update from vendor's website.

SB2026032599 - NULL Pointer Dereference in Linux kernel intel ice driver

Breakdown by Severity

Description

Remediation

References

Please verify you're human