CVE-2026-22985NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 23

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed before the interface is brought up for the first time. Move RSS LUT initialization from ndo_open to vport creation to ensure LUT is always available. This enables RSS configuration via ethtool before bring

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.76.18.6+1
Debianlinux/linux_kernel< 6.18.8-1
CVEListV5linux/linuxa251eee62133774cf35ff829041377e721ef9c8cdf2790b5228fbd3ed415b70a231cffdad0431618+3
debiandebian/linux< linux 6.18.8-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2026-22985: In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is no2026-01-23
GHSA
GHSA-gj4p-f535-7c3j: In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is2026-01-23

📋Vendor Advisories

2
Red Hat
kernel: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations2026-01-23
Debian
CVE-2026-22985: linux - In the Linux kernel, the following vulnerability has been resolved: idpf: Fix R...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-22985 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-22985 — NULL Pointer Dereference in Linux | cvebase