CVE-2025-39854

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: fix NULL access of tx-&gt;in_use in ice_ll_ts_intr<br /> <br /> Recent versions of the E810 firmware have support for an extra interrupt to<br /> handle report of the "low latency" Tx timestamps coming from the<br /> specialized low latency firmware interface. Instead of polling the<br /> registers, software can wait until the low latency interrupt is fired.<br /> <br /> This logic makes use of the Tx timestamp tracking structure, ice_ptp_tx, as<br /> it uses the same "ready" bitmap to track which Tx timestamps complete.<br /> <br /> Unfortunately, the ice_ll_ts_intr() function does not check if the<br /> tracker is initialized before its first access. This results in NULL<br /> dereference or use-after-free bugs similar to the issues fixed in the<br /> ice_ptp_ts_irq() function.<br /> <br /> Fix this by only checking the in_use bitmap (and other fields) if the<br /> tracker is marked as initialized. The reset flow will clear the init field<br /> under lock before it tears the tracker down, thus preventing any<br /> use-after-free or NULL access.