Impact
The Linux ice network driver contains a race condition between the routines that free the transmit timestamp ring and those that map transmit rings. If the free operation clears its flag after zeroing the pointer, a concurrent mapping call may read a stale flag, then dereference a null pointer, causing a kernel crash. This vulnerability is tied to CWE‑367 (Race Condition) and can result in denial of service on the affected system.
Affected Systems
All Linux kernel builds that include the ice driver and have not yet applied the post‑release commit that reorders flag clearing and adds memory barriers are potentially vulnerable.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity, and the EPSS score of < 1 % suggests a low likelihood of exploitation. The flaw does not appear in the CISA KEV catalog and would likely require a timing attack on the driver, which is non‑trivial. Nevertheless, a kernel crash can temporarily disrupt network operations, so the risk justifies a prompt patch.
OpenCVE Enrichment