CVE-2025-38526
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's Intel Ethernet Controller (ice) driver could cause kernel panics or system crashes when specific network configurations trigger the ice_lag_is_switchdev_running() function. This affects systems using Intel Ethernet controllers with the ice driver and Link Aggregation (LAG) features enabled. The vulnerability requires local access or the ability to manipulate network interfaces.
💻 Affected Systems
- Linux kernel with Intel Ethernet Controller (ice) driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting critical network services.
Likely Case
System crash or kernel panic when specific network configuration changes are made, requiring reboot to restore service.
If Mitigated
No impact if the vulnerable code path isn't triggered through LAG configuration changes.
🎯 Exploit Status
Requires local access and the ability to trigger specific network configuration changes; not trivial to exploit remotely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing commits: 245917d3c5ed7c6ae720302b64eac5c6f0c85177, 27591d926191e42b2332e4bad3bcd3a49def393b, 3ce58b01ada408b372f15b7c992ed0519840e3cf, 5a5d64f0eec82076b2c09fee2195d640cfbe3379
Vendor Advisory: https://git.kernel.org/stable/c/245917d3c5ed7c6ae720302b64eac5c6f0c85177
Restart Required: No
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. For custom kernels, apply the referenced git commits.
3. No reboot required for driver-only updates, but kernel updates typically require reboot.
🔧 Temporary Workarounds
Disable LAG features
Prevent triggering the vulnerable code path by disabling Link Aggregation features on affected Intel Ethernet interfaces
# Check current LAG configuration
ip link show
# Disable bonding/LAG interfaces if not needed
ip link set bond0 down
🧯 If You Can't Patch
- Restrict local user access to network configuration tools and interfaces
- Implement strict change control for network configuration modifications
🔍 How to Verify
Check if Vulnerable:
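Check the kernel version and whether the ice driver is loaded (anchoring the match so that other modules with "ice" in their name are not counted): uname -r && lsmod | grep -w '^ice'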
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and check dmesg for ice driver errors after network configuration changes
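The module check above only shows that ice is loaded, not that any ice port is actually in a LAG. The following script is an added example, not part of the advisory or the kernel sources: it walks sysfs and lists ice-driven interfaces that are currently bond slaves. It assumes bond membership is a reasonable proxy for "LAG features enabled"; the function names and the SYSFS_NET override are illustrative.

```shell
#!/bin/sh
# Added example: find ice-driven interfaces that are enslaved to a bond.
# Assumption: bond membership is used as the indicator that the LAG code
# path is in play. Function names and SYSFS_NET are hypothetical.

# Print "<iface> <bond>" for each netdev bound to the ice driver that is a
# bond slave. $1 = sysfs net directory (defaults to the live tree).
ice_lag_members() {
    net_root="${1:-/sys/class/net}"
    for dev in "$net_root"/*; do
        # Virtual devices (bonds, bridges, lo) have no device/driver link
        [ -e "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "ice" ] || continue
        # bonding_slave/ exists only while the interface is enslaved to a bond
        [ -d "$dev/bonding_slave" ] || continue
        master=$(basename "$(readlink "$dev/master" 2>/dev/null)")
        echo "$(basename "$dev") ${master:-unknown}"
    done
}

# Exit status 0 = at least one ice port is in a bond, 1 = none found.
ice_lag_exposed() {
    [ -n "$(ice_lag_members "$1")" ]
}

if ice_lag_exposed "${SYSFS_NET:-}"; then
    echo "ice ports in a bond (confirm the kernel carries the fix):"
    ice_lag_members "${SYSFS_NET:-}"
else
    echo "no ice-driven interface is currently a bond slave"
fi
```

Run it again after any bonding change, since the result reflects only the current interface state.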
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- NULL pointer dereference errors mentioning ice_lag_is_switchdev_running()
Network Indicators:
- Sudden loss of network connectivity on affected interfaces
- Unexpected interface state changes
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "ice_lag_is_switchdev_running" OR "kernel panic")
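Because the query above joins its terms with OR, it also matches any unrelated kernel panic or NULL dereference. The filter below is an added example, not taken from the advisory: it reports an oops only when the ice_lag_is_switchdev_running symbol appears within a few lines of the "NULL pointer dereference" header. The log lines in sample_log are constructed for illustration (addresses, offsets and the example_other_fn/example_mod names are made up), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: correlate a NULL-dereference oops with the ice LAG symbol.

# Reads kernel log text on stdin. Prints the line number of each oops header
# whose following lines (within $1 lines, default 40) name the function.
ice_lag_oops() {
    awk -v window="${1:-40}" '
        /NULL pointer dereference/ { start = NR; hit = 0 }
        start && !hit && NR - start <= window && /ice_lag_is_switchdev_running/ {
            print start
            hit = 1
        }
    '
}

# Constructed sample: one unrelated oops, then one in the ice LAG path.
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000002] RIP: 0010:example_other_fn+0x10/0x20 [example_mod]
[  101.000003] Call Trace:
[  250.000001] bond0: (slave eth0): Enslaving as a backup interface with a down link
[  250.000002] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  250.000003] RIP: 0010:ice_lag_is_switchdev_running+0x1a/0x90 [ice]
[  250.000004] Kernel panic - not syncing: Fatal exception
EOF
}

# Only the second oops (header on line 5) is reported.
sample_log | ice_lag_oops
```

On a live host the same function can be fed from dmesg or journalctl -k output.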