CVE-2026-23210
Description
In the Linux kernel, the following vulnerability has been resolved:ice: Fix PTP null pointer dereference during VSI rebuildFix race condition where PTP periodic work runs while VSI is beingrebuilt, accessing null vsi->rx_rings.The sequence was:1. ice_ptp_prepare_for_reset() cancels PTP work2. ice_ptp_rebuild() immediately queues PTP work3. VSI rebuild happens AFTER ice_ptp_rebuild()4. PTP work runs and accesses null vsi->rx_ringsFix: Keep PTP work cancelled during rebuild, only queue it afterVSI rebuild completes in ice_rebuild().Added ice_ptp_queue_work() helper function to encapsulate the logicfor queuing PTP work, ensuring its only queued when PTP is supportedand the state is ICE_PTP_READY.Error log:[ 121.392544] ice 0000:60:00.1: PTP reset successful[ 121.392692] BUG: kernel null pointer dereference, address: 0000000000000000[ 121.392712] #PF: supervisor read access in kernel mode[ 121.392720] #PF: error_code(0x0000) - not-present page[ 121.392727] PGD 0[ 121.392734] Oops: Oops: 0000 [#1] SMP NOPTI[ 121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S 6.19.0-rc6+ #4 PREEMPT(voluntary)[ 121.392761] Tainted: [S]=CPU_OUT_OF_SPEC[ 121.392773] RIP: 0010:ice_ptp_update_cached_phctime+0xbf/0x150 [ice][ 121.393042] Call Trace:[ 121.393047] [ 121.393055] ice_ptp_periodic_work+0x69/0x180 [ice][ 121.393202] kthread_worker_fn+0xa2/0x260[ 121.393216] __pfx_ice_ptp_periodic_work+0x10/0x10 [ice][ 121.393359] __pfx_kthread_worker_fn+0x10/0x10[ 121.393371] kthread+0x10d/0x230[ 121.393382] __pfx_kthread+0x10/0x10[ 121.393393] ret_from_fork+0x273/0x2b0[ 121.393407] __pfx_kthread+0x10/0x10[ 121.393417] ret_from_fork_asm+0x1a/0x30[ 121.393432]
Risk Information
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234