CVE-2025-40185

Summary

In the Linux kernel, the following vulnerability has been resolved:

ice: ice_adapter: release xa entry on adapter allocation failure

When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same index to return -EBUSY, potentially leading to NULL pointer dereferences.

Reorder the operations as suggested by Przemek Kitszel:

  1. Check if adapter already exists (xa_load)
  2. Reserve the XArray slot (xa_reserve)
  3. Allocate the adapter (ice_adapter_new)
  4. Store the adapter (xa_store)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0f0023c649c7bc50543fbe6e1801eb6357b8bd63 < 7b9269de9815fc34d93dab90bd5169bacbe78e70affected
LinuxLinux0f0023c649c7bc50543fbe6e1801eb6357b8bd63 < 794abb265de3e792167fe3ea0440c064c722bb84affected
LinuxLinux0f0023c649c7bc50543fbe6e1801eb6357b8bd63 < 2db687f3469dbc5c59bc53d55acafd75d530b497affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.12.54 <= 6.12.*unaffected
LinuxLinux6.17.4 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References