CVE-2023-54037NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl lock for VSI deconfig and config. Set ::num_q_vectors to 0 after freeing and add a check for ::tx/rx_rings in ring related ethtool ops. Add proper unroll of filters in ice_start_eth(). Reproduction: $watch -n 0.1 -d 'ethtool -g enp24s0f0np0' $

Affected Packages4 packages

Linuxlinux/linux_kernel6.3.06.4.7
Debianlinux/linux_kernel< 6.4.11-1+1
CVEListV5linux/linux5b246e533d0177775c64b40a2af1e62aff5d279bca03b327224ed6be2d07f42ee6ee1cdd586cfd5b+2
debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

3
OSV
ice: prevent NULL pointer deref during reload2025-12-24
GHSA
GHSA-fxpr-g6q4-mmqw: In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can2025-12-24
OSV
CVE-2023-54037: In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can le2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service in ice driver via ethtool reload2025-12-24
Debian
CVE-2023-54037: linux - In the Linux kernel, the following vulnerability has been resolved: ice: preven...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54037 Impact, Exploitability, and Mitigation Steps | Wiz