CVE-2025-68302
Description
In the Linux kernel, the following vulnerability has been resolved:
net: sxgbe: fix potential NULL dereference in sxgbe_rx()
Currently, when skb is null, the driver prints an error and then dereferences skb on the next line.
To fix this, let's add a 'break' after the error message to switch to sxgbe_rx_refill(), which is similar to the approach taken by the other drivers in this particular case, e.g. calxeda with xgmac_rx().
Found during a code review.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's sxgbe driver, sxgbe_rx() could dereference a NULL skb pointer when skb allocation fails; the fix adds a break statement so the NULL pointer is never dereferenced.
Vulnerability
In the Linux kernel's sxgbe network driver, the receive function sxgbe_rx() contains a NULL pointer dereference vulnerability. When memory allocation for the socket buffer (skb) fails, the driver logs an error but then proceeds to dereference the NULL skb pointer on the next line, leading to a potential kernel crash.
Exploitation
This issue is triggered during normal packet reception when the system is under memory pressure, causing skb allocation to fail. An attacker does not need special privileges; any process that can trigger network receive operations on a system using the sxgbe driver can cause the condition. However, exploitation depends on memory exhaustion.
Impact
Successful exploitation results in a denial of service (kernel crash). The fix, as described in the CVE, adds a break statement after the error message to exit the processing loop and call sxgbe_rx_refill(), similar to other network drivers. The patch has been applied to the Linux kernel stable branches.
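The control-flow change described above, as a simplified user-space model (an added example, not the sxgbe driver's source; `struct buf`, `struct rx_ring`, `rx_refill()`, `rx_unpatched()`, `rx_patched()` and the log text are hypothetical stand-ins):

```c
#include <stddef.h>
#include <stdio.h>

#define RING_SIZE 4

/* Hypothetical stand-ins for struct sk_buff and the driver's RX ring. */
struct buf { size_t len; };
struct rx_ring {
    struct buf *slot[RING_SIZE]; /* NULL models the null skb */
    unsigned int cur;            /* next slot to process */
    unsigned int refills;        /* times the refill step ran */
    size_t rx_bytes;             /* bytes handed up the stack */
};

/* Stand-in for sxgbe_rx_refill(): only counts calls in this model. */
void rx_refill(struct rx_ring *r) { r->refills++; }

/* Pre-fix shape: the error is logged, then b is dereferenced anyway. */
int rx_unpatched(struct rx_ring *r, int budget)
{
    int count;
    for (count = 0; count < budget; count++, r->cur++) {
        struct buf *b = r->slot[r->cur % RING_SIZE];
        if (b == NULL)
            fprintf(stderr, "rx: NULL buffer in ring slot\n");
        r->rx_bytes += b->len;   /* NULL dereference when b == NULL */
    }
    rx_refill(r);
    return count;
}

/* Post-fix shape: break out of the loop so control reaches the refill. */
int rx_patched(struct rx_ring *r, int budget)
{
    int count;
    for (count = 0; count < budget; count++, r->cur++) {
        struct buf *b = r->slot[r->cur % RING_SIZE];
        if (b == NULL) {
            fprintf(stderr, "rx: NULL buffer in ring slot\n");
            break;               /* the added 'break' the description names */
        }
        r->rx_bytes += b->len;
    }
    rx_refill(r);
    return count;
}
```

Only `rx_patched()` is safe to call on a ring that contains a NULL slot: with constructed slots of 64 bytes, 128 bytes, NULL and 64 bytes it processes two buffers, leaves `cur` at the NULL slot and still runs the refill step once.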
Mitigation
Users should update to a patched kernel version that includes the commit resolving this issue.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- git.kernel.org/stable/c/18ef3ad1bb57dcf1a9ee61736039aedccf670b21 (nvd)
- git.kernel.org/stable/c/45b5b4ddb8d6bea5fc1625ff6f163bbb125d49cc (nvd)
- git.kernel.org/stable/c/46e5332126596a2ca791140feab18ce1fc1a3c86 (nvd)
- git.kernel.org/stable/c/7fd789d6ea4915034eb6bcb72f6883c8151083e5 (nvd)
- git.kernel.org/stable/c/88f46c0be77bfe45830ac33102c75be7c34ac3f3 (nvd)
- git.kernel.org/stable/c/ac171c3c755499c9f87fe30b920602255f8b5648 (nvd)
- git.kernel.org/stable/c/f5bce28f6b9125502abec4a67d68eabcd24b3b17 (nvd)