CVE-2026-23166

N/A Unknown

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's ice driver for Intel E810 Ethernet controllers causes kernel crashes when resuming from suspend. This affects systems using Intel E810-XXV network adapters with kernel version 6.18. The crash occurs when the driver attempts to access uninitialized queue vector pointers during resume operations.

💻 Affected Systems

Products:
  • Intel Ethernet Controller E810-XXV for SFP
  • Intel Ethernet Network Adapter E810-XXV-2
Versions: Linux kernel v6.18
Operating Systems: Linux distributions using kernel v6.18
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel E810 Ethernet hardware and the kernel's ice driver. SR-IOV state (enabled or disabled) does not affect the vulnerability. It only triggers during resume from suspend/hibernate.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot the system.

🟠 Likely Case

System fails to resume from suspend/hibernate, requiring hard reboot and potential data loss from unsaved work.

🟢 If Mitigated

With proper patching, resume operations complete successfully without crashes.

🌐 Internet-Facing: LOW - This vulnerability requires local system access and specific hardware configuration to trigger.
🏢 Internal Only: MEDIUM - Affects systems with Intel E810 adapters that use suspend/resume functionality, potentially disrupting operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical or privileged access to trigger a suspend/resume cycle. Not remotely exploitable. Complexity is medium due to the specific hardware and kernel version requirements.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel commits 36126ddbe924727add05a594dedf230d3b575e4d, 9bb30be4d89ff9a8d7ab1aa0eb2edaca83431f85, d75c7b7c3c2b8e3569043099e6bdcefc983856c5

Vendor Advisory: https://git.kernel.org/stable/c/36126ddbe924727add05a594dedf230d3b575e4d

Restart Required: No

Instructions:

  1. Update to a kernel version containing the fix commits.
  2. For custom kernels, apply patches from kernel.org.
  3. No kernel restart required - fix applies on next resume operation.

🔧 Temporary Workarounds

Disable suspend functionality

Prevent system from entering suspend/hibernate states to avoid triggering the vulnerability

systemctl mask suspend.target
systemctl mask hibernate.target
systemctl mask hybrid-sleep.target

Blacklist ice module

Prevent loading of vulnerable ice driver (will disable E810 network functionality)

echo 'blacklist ice' >> /etc/modprobe.d/blacklist-ice.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Avoid using suspend/hibernate functionality on affected systems
  • Consider using alternative network adapters if E810 functionality is not critical

🔍 How to Verify

Check if Vulnerable:

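Check whether the system has an Intel E810 adapter with 'lspci -nn | grep -i 159b' (the -nn option makes lspci print the numeric device IDs that the grep matches on), and check the kernel version: 'uname -r' should show a 6.18 release (uname prints it without the leading v).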

Check Version:

uname -r

Verify Fix Applied:

After patching, test suspend/resume: 'systemctl suspend' then wake system. Check dmesg for NULL pointer errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel NULL pointer dereference in ice_vsi_set_napi_queues
  • BUG: kernel NULL pointer dereference, address: 0000000000000040
  • Oops: Oops: 0000 [#1] SMP NOPTI during resume

Network Indicators:

  • Network connectivity loss after resume from suspend

SIEM Query:

event_source="kernel" AND ((message:"NULL pointer dereference" AND message:"ice_vsi_set_napi_queues") OR (message:"0000000000000040" AND process:"kernel"))
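
The log indicators above can be checked locally with more precision than a plain grep. The following is an added example, not part of the original advisory or of the kernel project's code: it reports a NULL-dereference BUG line only when ice_vsi_set_napi_queues appears in the same oops report. The helper names, the 40-line window and the sample log lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory): find the CVE-2026-23166 resume oops
# in kernel log text. A NULL-dereference BUG line is reported only when
# ice_vsi_set_napi_queues shows up within WINDOW lines after it, i.e. in the
# same oops report, so NULL dereferences in other code are ignored.
# Typical input: `dmesg`, or `journalctl -k -b -1` for the previous boot.

# scan_ice_resume_oops [WINDOW]  (hypothetical helper; WINDOW defaults to 40)
# Reads log lines on stdin, prints each matching BUG line,
# returns 0 if at least one match was found and 1 otherwise.
scan_ice_resume_oops() {
    awk -v window="${1:-40}" '
        /BUG: kernel NULL pointer dereference/ {
            bug = $0; left = window; next      # start of a new oops report
        }
        left > 0 {
            if (index($0, "ice_vsi_set_napi_queues")) {
                print bug; hits++; left = 0    # signature confirmed
            } else {
                left--                         # keep looking inside the window
            }
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample log: one ice resume oops and one unrelated NULL deref.
# Timestamps, offsets and the second function name are made up.
sample_log() {
    cat <<'EOF'
[  101.000001] PM: suspend exit
[  101.000002] BUG: kernel NULL pointer dereference, address: 0000000000000040
[  101.000003] Oops: Oops: 0000 [#1] SMP NOPTI
[  101.000004] RIP: 0010:ice_vsi_set_napi_queues+0x1a/0x90 [ice]
[  250.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  250.000002] RIP: 0010:example_other_fn+0x10/0x40
EOF
}

# Demo: prints only the BUG line at 101.000002.
sample_log | scan_ice_resume_oops || true
```

The non-zero exit status on a clean log makes the function usable as a health check after a test suspend/resume cycle.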
