Impact
A null pointer dereference occurs in the Linux kernel's ice driver when an error path in ice_set_ringparam() leaves the ICE_TX_RING_FLAGS_TXTIME flag set while the underlying tstamp_ring is NULL. During unwinding, the driver attempts to access tstamp_ring->desc, causing a kernel panic or crash. The impact is a local denial of service, potentially allowing an attacker to crash the system by leveraging faulty network interface configuration or error conditions. The weakness corresponds to CWE-476, Null Pointer Dereference.
Affected Systems
The vulnerability exists in any Linux kernel that includes the ice driver for Intel E810/E830 network interfaces. Specific version ranges are not disclosed in the advisory, but the issue was identified during code review of recent kernel source revisions and will be present in unpatched kernels containing the affected function. Systems running these kernels on any architecture that loads the ice module are potentially impacted.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, indicating it is not a known widely The likely attack vector requires local access to trigger an error in ice_set_ringparam(), meaning the attacker would need the capability to configure network cause the driver to fail during normal operation. Because the issue is exposed only when the ICE_TX_RING_FLAGS_TXTIME flag is set and the subsequent setup fails, exploitation would likely require privileged system access, making the risk higher for compromised or administrative systems while still limiting external exposure. The impact remains a denial of service via kernel crash.
OpenCVE Enrichment