CVE-2026-22985
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 23/01/2026
Last modified: 23/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

idpf: Fix RSS LUT NULL pointer crash on early ethtool operations

The RSS LUT is not initialized until the interface comes up, causing
the following NULL pointer crash when ethtool operations like rxhash on/off
are performed before the interface is brought up for the first time.

Move RSS LUT initialization from ndo_open to vport creation to ensure LUT
is always available. This enables RSS configuration via ethtool before
bringing the interface up. Simplify LUT management by maintaining all
changes in the driver's soft copy and programming zeros to the indirection
table when rxhash is disabled. Defer HW programming until the interface
comes up if it is down during rxhash and LUT configuration changes.

Steps to reproduce:
** Load idpf driver; interfaces will be created
modprobe idpf
** Before bringing the interfaces up, turn rxhash off
ethtool -K eth2 rxhash off

[89408.371875] BUG: kernel NULL pointer dereference, address: 0000000000000000
[89408.371908] #PF: supervisor read access in kernel mode
[89408.371924] #PF: error_code(0x0000) - not-present page
[89408.371940] PGD 0 P4D 0
[89408.371953] Oops: Oops: 0000 [#1] SMP NOPTI

[89408.372052] RIP: 0010:memcpy_orig+0x16/0x130
[89408.372310] Call Trace:
[89408.372317]
[89408.372326] ? idpf_set_features+0xfc/0x180 [idpf]
[89408.372363] __netdev_update_features+0x295/0xde0
[89408.372384] ethnl_set_features+0x15e/0x460
[89408.372406] genl_family_rcv_msg_doit+0x11f/0x180
[89408.372429] genl_rcv_msg+0x1ad/0x2b0
[89408.372446] ? __pfx_ethnl_set_features+0x10/0x10
[89408.372465] ? __pfx_genl_rcv_msg+0x10/0x10
[89408.372482] netlink_rcv_skb+0x58/0x100
[89408.372502] genl_rcv+0x2c/0x50
[89408.372516] netlink_unicast+0x289/0x3e0
[89408.372533] netlink_sendmsg+0x215/0x440
[89408.372551] __sys_sendto+0x234/0x240
[89408.372571] __x64_sys_sendto+0x28/0x30
[89408.372585] x64_sys_call+0x1909/0x1da0
[89408.372604] do_syscall_64+0x7a/0xfa0
[89408.373140] ? clear_bhb_loop+0x60/0xb0
[89408.373647] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[89408.378887]



