Impact
A NULL pointer dereference occurs in the Linux kernel bnxt_en driver when PCIe error recovery runs on a device that has already been closed. During error handling the function bnxt_io_error_detected() attempts to disable and synchronize interrupts through a mapping function that assumes a valid bp->bnapi pointer, which is NULL on a closed NIC. The dereference results in a kernel panic, causing the system to crash and disrupting availability.
Affected Systems
All Linux kernel installations that include the bnxt_en network driver are potentially affected. The CVE does not specify exact kernel versions; the issue exists in pre‑patch kernel releases that contain the unguarded code path. Users should verify whether their kernel contains the commit that adds the NULL‑check guard.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity and the EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the flaw is triggered during internal PCIe error handling, it is likely exploitable only by a privileged user or through a local attack that can induce PCIe errors on a closed Network Interface Card. The primary risk is a local denial of service through a forced kernel crash, with no evidence of remote code execution or privilege escalation.
OpenCVE Enrichment
Debian DLA