CVE-2025-38053

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> idpf: fix null-ptr-deref in idpf_features_check<br /> <br /> idpf_features_check is used to validate the TX packet. skb header<br /> length is compared with the hardware supported value received from<br /> the device control plane. The value is stored in the adapter structure<br /> and to access it, vport pointer is used. During reset all the vports<br /> are released and the vport pointer that the netdev private structure<br /> points to is NULL.<br /> <br /> To avoid null-ptr-deref, store the max header length value in netdev<br /> private structure. This also helps to cache the value and avoid<br /> accessing adapter pointer in hot path.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000068<br /> ...<br /> RIP: 0010:idpf_features_check+0x6d/0xe0 [idpf]<br /> Call Trace:<br /> <br /> ? __die+0x23/0x70<br /> ? page_fault_oops+0x154/0x520<br /> ? exc_page_fault+0x76/0x190<br /> ? asm_exc_page_fault+0x26/0x30<br /> ? idpf_features_check+0x6d/0xe0 [idpf]<br /> netif_skb_features+0x88/0x310<br /> validate_xmit_skb+0x2a/0x2b0<br /> validate_xmit_skb_list+0x4c/0x70<br /> sch_direct_xmit+0x19d/0x3a0<br /> __dev_queue_xmit+0xb74/0xe70<br /> ...