Описание
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
Отчет
A missing NULL check after devm_kmemdup() in the Intel ICE driver could lead to a kernel NULL pointer dereference during DDP package initialization, causing a denial of service. Triggering typically requires administrative privileges to load/update the DDP package and conditions leading to allocation failure. No confidentiality or integrity impact is expected; availability is high. Exploitation requires administrative privileges because only privileged users can load or update Intel ICE Dynamic Device Personalization (DDP) packages or otherwise trigger the affected initialization path, making the required privilege level High.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.1 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
In the Linux kernel, the following vulnerability has been resolved: i ...
Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP7)
EPSS
4.1 Medium
CVSS3