{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T20:11:41.957","vulnerabilities":[{"cve":{"id":"CVE-2026-23210","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-14T17:15:58.910","lastModified":"2026-04-02T12:16:19.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix PTP NULL pointer dereference during VSI rebuild\n\nFix race condition where PTP periodic work runs while VSI is being\nrebuilt, accessing NULL vsi->rx_rings.\n\nThe sequence was:\n1. ice_ptp_prepare_for_reset() cancels PTP work\n2. ice_ptp_rebuild() immediately queues PTP work\n3. VSI rebuild happens AFTER ice_ptp_rebuild()\n4. PTP work runs and accesses NULL vsi->rx_rings\n\nFix: Keep PTP work cancelled during rebuild, only queue it after\nVSI rebuild completes in ice_rebuild().\n\nAdded ice_ptp_queue_work() helper function to encapsulate the logic\nfor queuing PTP work, ensuring it's only queued when PTP is supported\nand the state is ICE_PTP_READY.\n\nError log:\n[  121.392544] ice 0000:60:00.1: PTP reset successful\n[  121.392692] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  121.392712] #PF: supervisor read access in kernel mode\n[  121.392720] #PF: error_code(0x0000) - not-present page\n[  121.392727] PGD 0\n[  121.392734] Oops: Oops: 0000 [#1] SMP NOPTI\n[  121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S                  6.19.0-rc6+ #4 PREEMPT(voluntary)\n[  121.392761] Tainted: [S]=CPU_OUT_OF_SPEC\n[  121.392773] RIP: 0010:ice_ptp_update_cached_phctime+0xbf/0x150 [ice]\n[  121.393042] Call Trace:\n[  121.393047]  <TASK>\n[  121.393055]  ice_ptp_periodic_work+0x69/0x180 [ice]\n[  121.393202]  kthread_worker_fn+0xa2/0x260\n[  121.393216]  ? __pfx_ice_ptp_periodic_work+0x10/0x10 [ice]\n[  121.393359]  ? 
__pfx_kthread_worker_fn+0x10/0x10\n[  121.393371]  kthread+0x10d/0x230\n[  121.393382]  ? __pfx_kthread+0x10/0x10\n[  121.393393]  ret_from_fork+0x273/0x2b0\n[  121.393407]  ? __pfx_kthread+0x10/0x10\n[  121.393417]  ret_from_fork_asm+0x1a/0x30\n[  121.393432]  </TASK>"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nice: Soluciona la desreferencia de puntero NULL de PTP durante la reconstrucción de VSI\n\nSoluciona la condición de carrera donde el trabajo periódico de PTP se ejecuta mientras VSI está siendo reconstruido, accediendo a vsi->rx_rings NULL.\n\nLa secuencia fue:\n1. ice_ptp_prepare_for_reset() cancela el trabajo de PTP\n2. ice_ptp_rebuild() encola inmediatamente el trabajo de PTP\n3. La reconstrucción de VSI ocurre DESPUÉS de ice_ptp_rebuild()\n4. El trabajo de PTP se ejecuta y accede a vsi->rx_rings NULL\n\nCorrección: Mantener el trabajo de PTP cancelado durante la reconstrucción, solo encolarlo después de que la reconstrucción de VSI se complete en ice_rebuild().\n\nSe añadió la función auxiliar ice_ptp_queue_work() para encapsular la lógica de encolamiento del trabajo de PTP, asegurando que solo se encole cuando PTP es compatible y el estado es ICE_PTP_READY.\n\nRegistro de error:\n[  121.392544] ice 0000:60:00.1: Reinicio de PTP exitoso\n[  121.392692] BUG: desreferencia de puntero NULL del kernel, dirección: 0000000000000000\n[  121.392712] #PF: acceso de lectura de supervisor en modo kernel\n[  121.392720] #PF: error_code(0x0000) - página no presente\n[  121.392727] PGD 0\n[  121.392734] Oops: Oops: 0000 [#1] SMP NOPTI\n[  121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S                  6.19.0-rc6+ #4 PREEMPT(voluntary)\n[  121.392761] Tainted: [S]=CPU_OUT_OF_SPEC\n[  121.392773] RIP: 0010:ice_ptp_update_cached_phctime+0xbf/0x150 [ice]\n[  121.393042] Traza de Llamada:\n[  121.393047] \n[  121.393055] ice_ptp_periodic_work+0x69/0x180 [ice]\n[  121.393202] 
kthread_worker_fn+0xa2/0x260\n[  121.393216] ? __pfx_ice_ptp_periodic_work+0x10/0x10 [ice]\n[  121.393359] ? __pfx_kthread_worker_fn+0x10/0x10\n[  121.393371] kthread+0x10d/0x230\n[  121.393382] ? __pfx_kthread+0x10/0x10\n[  121.393393] ret_from_fork+0x273/0x2b0\n[  121.393407] ? __pfx_kthread+0x10/0x10\n[  121.393417] ret_from_fork_asm+0x1a/0x30\n[  121.393432] "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.18.10","matchCriteriaId":"241EA55E-C309-4617-A483-BA8E77746F53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3E
F854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7565d4df66b6619b50dc36618d8b8f1787d77e19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba0c7fff6616025a7d3a9e887e7ce16b06dc34b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fc6f36eaaedcf4b81af6fe1a568f018ffd530660","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}