CVE-2025-38526

MEDIUM

Linux Kernel 6.6.1-6.6.99, 6.7.0-6.12.39, 6.13.0-6.15.7 - NULL Pointer Dereference in ice_lag_is_switchdev_running

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ice: add NULL check in eswitch lag check The function ice_lag_is_switchdev_running() is being called from outside of the LAG event handler code. This results in the lag->upper_netdev being NULL sometimes. To avoid a NULL-pointer dereference, there needs to be a check before it is dereferenced.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/27591d926191e42b2332e4bad3bcd3a49def393b

Patch

https://git.kernel.org/stable/c/5a5d64f0eec82076b2c09fee2195d640cfbe3379

Patch

https://git.kernel.org/stable/c/245917d3c5ed7c6ae720302b64eac5c6f0c85177

Patch

https://git.kernel.org/stable/c/3ce58b01ada408b372f15b7c992ed0519840e3cf

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (16)

linux/Kernel 6.13.0 - 6.15.8linux

linux/Kernel 6.6.0 - 6.6.100linux

linux/Kernel 6.7.0 - 6.12.40linux

Linux/Linux < 6.6

Linux/Linux 6.12.40 - 6.12.*

Linux/Linux 6.15.8 - 6.15.*

Linux/Linux 6.16

Linux/Linux 6.6

Linux/Linux 6.6.100 - 6.6.*

Linux/Linux 776fe19953b0e0af00399e50fb3b205101d4b3c1 - 245917d3c5ed7c6ae720302b64eac5c6f0c85177

... and 6 more

Published Aug 16, 2025

Tracked Since Feb 18, 2026