CVE-2025-68213

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> idpf: fix possible vport_config NULL pointer deref in remove<br /> <br /> Attempting to remove the driver will cause a crash in cases where<br /> the vport failed to initialize. Following trace is from an instance where<br /> the driver failed during an attempt to create a VF:<br /> [ 1661.543624] idpf 0000:84:00.7: Device HW Reset initiated<br /> [ 1722.923726] idpf 0000:84:00.7: Transaction timed-out (op:1 cookie:2900 vc_op:1 salt:29 timeout:60000ms)<br /> [ 1723.353263] BUG: kernel NULL pointer dereference, address: 0000000000000028<br /> ...<br /> [ 1723.358472] RIP: 0010:idpf_remove+0x11c/0x200 [idpf]<br /> ...<br /> [ 1723.364973] Call Trace:<br /> [ 1723.365475] <br /> [ 1723.365972] pci_device_remove+0x42/0xb0<br /> [ 1723.366481] device_release_driver_internal+0x1a9/0x210<br /> [ 1723.366987] pci_stop_bus_device+0x6d/0x90<br /> [ 1723.367488] pci_stop_and_remove_bus_device+0x12/0x20<br /> [ 1723.367971] pci_iov_remove_virtfn+0xbd/0x120<br /> [ 1723.368309] sriov_disable+0x34/0xe0<br /> [ 1723.368643] idpf_sriov_configure+0x58/0x140 [idpf]<br /> [ 1723.368982] sriov_numvfs_store+0xda/0x1c0<br /> <br /> Avoid the NULL pointer dereference by adding NULL pointer check for<br /> vport_config[i], before freeing user_config.q_coalesce.