CVE-2026-22993
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/01/2026
Last modified:
23/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

idpf: Fix RSS LUT NULL ptr issue after soft reset

During soft reset, the RSS LUT is freed and not restored unless the
interface is up. If an ethtool command that accesses the rss lut is
attempted immediately after reset, it will result in NULL ptr
dereference. Also, there is no need to reset the rss lut if the soft reset
does not involve queue count change.

After soft reset, set the RSS LUT to default values based on the updated
queue count only if the reset was a result of a queue count change and
the LUT was not configured by the user. In all other cases, don't touch
the LUT.

Steps to reproduce:

** Bring the interface down (if up)
ifconfig eth1 down

** update the queue count (e.g., 27->20)
ethtool -L eth1 combined 20

** display the RSS LUT
ethtool -x eth1

[82375.558338] BUG: kernel NULL pointer dereference, address: 0000000000000000
[82375.558373] #PF: supervisor read access in kernel mode
[82375.558391] #PF: error_code(0x0000) - not-present page
[82375.558408] PGD 0 P4D 0
[82375.558421] Oops: Oops: 0000 [#1] SMP NOPTI

[82375.558516] RIP: 0010:idpf_get_rxfh+0x108/0x150 [idpf]
[82375.558786] Call Trace:
[82375.558793]
[82375.558804] rss_prepare.isra.0+0x187/0x2a0
[82375.558827] rss_prepare_data+0x3a/0x50
[82375.558845] ethnl_default_doit+0x13d/0x3e0
[82375.558863] genl_family_rcv_msg_doit+0x11f/0x180
[82375.558886] genl_rcv_msg+0x1ad/0x2b0
[82375.558902] ? __pfx_ethnl_default_doit+0x10/0x10
[82375.558920] ? __pfx_genl_rcv_msg+0x10/0x10
[82375.558937] netlink_rcv_skb+0x58/0x100
[82375.558957] genl_rcv+0x2c/0x50
[82375.558971] netlink_unicast+0x289/0x3e0
[82375.558988] netlink_sendmsg+0x215/0x440
[82375.559005] __sys_sendto+0x234/0x240
[82375.559555] __x64_sys_sendto+0x28/0x30
[82375.560068] x64_sys_call+0x1909/0x1da0
[82375.560576] do_syscall_64+0x7a/0xfa0
[82375.561076] ? clear_bhb_loop+0x60/0xb0
[82375.561567] entry_SYSCALL_64_after_hwframe+0x76/0x7e
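
The soft-reset policy described above, as a small userspace C model added here for illustration; it is not the idpf driver's code or the upstream patch. The struct and function names, the i % num_rxq default spread and the explicit NULL check on the read path are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace model; all names are hypothetical, not the idpf driver's. */
struct rss_model {
    uint32_t *lut;      /* indirection table; NULL if freed */
    size_t lut_size;
    uint16_t num_rxq;
    bool user_set;      /* LUT was configured by the user */
};

/* Assumed default: entry i maps to queue i % num_rxq. */
static void rss_fill_default(struct rss_model *r)
{
    if (!r->lut || !r->num_rxq)
        return;
    for (size_t i = 0; i < r->lut_size; i++)
        r->lut[i] = (uint32_t)(i % r->num_rxq);
}

int rss_init(struct rss_model *r, size_t lut_size, uint16_t num_rxq)
{
    *r = (struct rss_model){ .lut_size = lut_size, .num_rxq = num_rxq };
    r->lut = calloc(lut_size, sizeof(*r->lut));
    if (!r->lut)
        return -ENOMEM;
    rss_fill_default(r);
    return 0;
}

/* Soft reset: LUT stays allocated; rewrite only if count changed and not user-set. */
void rss_soft_reset(struct rss_model *r, uint16_t new_rxq)
{
    bool qcount_changed = (new_rxq != r->num_rxq);
    r->num_rxq = new_rxq;
    if (qcount_changed && !r->user_set)
        rss_fill_default(r);
}

/* Read path (what `ethtool -x` reaches): check before dereferencing. */
int rss_get_lut(const struct rss_model *r, uint32_t *out, size_t n)
{
    if (!r->lut || n < r->lut_size)
        return -EOPNOTSUPP;
    for (size_t i = 0; i < r->lut_size; i++)
        out[i] = r->lut[i];
    return 0;
}
```
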



