CVE-2025-68213
Description
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix possible vport_config NULL pointer deref in remove
Attempting to remove the driver will cause a crash in cases where the vport failed to initialize. Following trace is from an instance where the driver failed during an attempt to create a VF:

[ 1661.543624] idpf 0000:84:00.7: Device HW Reset initiated
[ 1722.923726] idpf 0000:84:00.7: Transaction timed-out (op:1 cookie:2900 vc_op:1 salt:29 timeout:60000ms)
[ 1723.353263] BUG: kernel NULL pointer dereference, address: 0000000000000028
...
[ 1723.358472] RIP: 0010:idpf_remove+0x11c/0x200 [idpf]
...
[ 1723.364973] Call Trace:
[ 1723.365475]
[ 1723.365972] pci_device_remove+0x42/0xb0
[ 1723.366481] device_release_driver_internal+0x1a9/0x210
[ 1723.366987] pci_stop_bus_device+0x6d/0x90
[ 1723.367488] pci_stop_and_remove_bus_device+0x12/0x20
[ 1723.367971] pci_iov_remove_virtfn+0xbd/0x120
[ 1723.368309] sriov_disable+0x34/0xe0
[ 1723.368643] idpf_sriov_configure+0x58/0x140 [idpf]
[ 1723.368982] sriov_numvfs_store+0xda/0x1c0

Avoid the NULL pointer dereference by adding NULL pointer check for vport_config[i], before freeing user_config.q_coalesce.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-68213 is a Linux kernel idpf driver NULL pointer dereference during driver removal when a vport fails to initialize, causing a crash.
Vulnerability
CVE-2025-68213 is a NULL pointer dereference vulnerability in the Linux kernel's idpf driver, specifically in the idpf_remove function. The root cause is that the code does not check if vport_config[i] is NULL before accessing vport_config[i]->user_config.q_coalesce during driver removal. This can occur when a virtual port (vport) fails to initialize, for example due to a hardware reset timeout or other initialization error [1].
Exploitation
An attacker with the ability to trigger driver removal or cause vport initialization failures (such as via VF creation with malformed parameters or triggering hardware resets) can exploit this vulnerability. The attack vector is local, requiring access to the system as a privileged user or the ability to control the device's PCI configuration. No authentication is needed beyond the kernel privileges required to load/unload drivers or manage SR-IOV virtual functions [1].
Impact
Successful exploitation leads to a kernel NULL pointer dereference, resulting in a system crash (kernel panic) and denial of service (DoS). The attacker can cause the system to become unavailable, as demonstrated by the kernel trace showing a BUG and RIP in idpf_remove. No privilege escalation or code execution is indicated by the description [1].
Mitigation
The fix adds a NULL pointer check for vport_config[i] before freeing user_config.q_coalesce, preventing the dereference. This patch has been merged into the Linux kernel stable tree. Users should apply the kernel update containing commit d5be8663cff0ba7b94da34ebd499ce1123b4c334. No workaround is mentioned, so patching is the recommended mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
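The guarded teardown pattern described above, as an added user-space model that is not the idpf driver's code. The structure layout, MAX_VPORTS, the helper names and the 0x28 bytes of padding are assumptions; the padding is chosen only so that the member offset matches the fault address in the trace, which is how reading a member through a NULL structure pointer produces a small non-zero address.

```c
#include <stddef.h>
#include <stdlib.h>

#define MAX_VPORTS 4 /* constructed value for this model */
/* Hypothetical stand-ins, not the real idpf structure layout. */
struct user_config { void *q_coalesce; };
struct vport_config {
    char earlier_members[0x28]; /* constructed padding, see fault_addr() */
    struct user_config user_config;
};
struct adapter { struct vport_config *vport_config[MAX_VPORTS]; };

/* Partial init: only the first n_ok vports get a config, the rest stay NULL. */
static int adapter_init(struct adapter *a, int n_ok)
{
    *a = (struct adapter){0};
    for (int i = 0; i < n_ok && i < MAX_VPORTS; i++) {
        a->vport_config[i] = calloc(1, sizeof(struct vport_config));
        if (!a->vport_config[i])
            return -1;
        a->vport_config[i]->user_config.q_coalesce = malloc(64);
    }
    return 0;
}

/* Address touched when q_coalesce is read through a NULL vport_config. */
static size_t fault_addr(void)
{
    return offsetof(struct vport_config, user_config) +
           offsetof(struct user_config, q_coalesce);
}

/* Guarded teardown; returns how many configs were released. */
static int adapter_remove(struct adapter *a)
{
    int freed = 0;
    for (int i = 0; i < MAX_VPORTS; i++) {
        struct vport_config *cfg = a->vport_config[i];
        if (!cfg) /* without this check, cfg->user_config would fault */
            continue;
        free(cfg->user_config.q_coalesce);
        free(cfg);
        a->vport_config[i] = NULL;
        freed++;
    }
    return freed;
}

int main(void) { struct adapter a; return adapter_init(&a, 2) || adapter_remove(&a) != 2; }
```

Clearing each slot after freeing it makes a second teardown pass a no-op instead of a double free.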