CVE-2026-23117 in Linuxinfo

Summary

by MITRE • 02/14/2026

In the Linux kernel, the following vulnerability has been resolved:

ice: add missing ice_deinit_hw() in devlink reinit path

devlink-reload results in ice_init_hw failed error, and then removing the ice driver causes a NULL pointer dereference.

[ +0.102213] ice 0000:ca:00.0: ice_init_hw failed: -16
... [ +0.000001] Call Trace:
[ +0.000003] <TASK>
[ +0.000006] ice_unload+0x8f/0x100 [ice]
[ +0.000081] ice_remove+0xba/0x300 [ice]

Commit 1390b8b3d2be ("ice: remove duplicate call to ice_deinit_hw() on error paths") removed ice_deinit_hw() from ice_deinit_dev(). As a result ice_devlink_reinit_down() no longer calls ice_deinit_hw(), but ice_devlink_reinit_up() still calls ice_init_hw(). Since the control queues are not uninitialized, ice_init_hw() fails with -EBUSY.

Add ice_deinit_hw() to ice_devlink_reinit_down() to correspond with ice_init_hw() in ice_devlink_reinit_up().

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/06/2026

The vulnerability described in CVE-2026-23117 represents a critical flaw in the Intel Ethernet Connection E810 series driver implementation within the Linux kernel. This issue manifests specifically within the ice driver's handling of device link reinitialization operations, creating a scenario where system stability is compromised through improper resource management and state transitions. The flaw stems from an inconsistent approach to hardware initialization and deinitialization functions during the devlink reinitialization process, which is a core component of network device management in modern Linux systems. The vulnerability directly impacts the kernel's ability to properly manage hardware resources when network devices undergo runtime reconfiguration operations.

The technical root cause of this vulnerability lies in the improper removal of the ice_deinit_hw() function call from the ice_deinit_dev() function through commit 1390b8b3d2be. This change created an asymmetry in the driver's resource management logic where the ice_devlink_reinit_down() function no longer properly deinitializes hardware components, while ice_devlink_reinit_up() continues to attempt hardware initialization. This mismatch results in a state where control queues remain initialized when ice_init_hw() is called, causing the initialization routine to fail with error code -EBUSY. The error propagation continues through the kernel's device removal path, ultimately leading to a NULL pointer dereference during the ice_unload() function execution. This type of resource management inconsistency falls under CWE-457: Use of Uninitialized Variable, and more specifically represents a resource leak or improper resource cleanup pattern.

The operational impact of this vulnerability extends beyond simple error reporting to potentially cause system crashes or kernel panics during network device reconfiguration operations. When administrators or automated systems attempt to reload network device configurations through devlink interfaces, the system may experience unexpected behavior including kernel oops messages, system hangs, or complete system crashes. The vulnerability is particularly concerning because it affects the fundamental device management pathways that are routinely used in production environments for network maintenance, updates, and configuration changes. Attackers could potentially exploit this weakness to cause denial of service conditions by repeatedly triggering the problematic devlink reinitialization sequence, or by manipulating network device states to force the kernel into the vulnerable code path. This vulnerability aligns with ATT&CK technique T1490: Inhibit System Recovery, as it can be leveraged to prevent normal system recovery operations and maintain persistent service disruption.

The mitigation strategy for this vulnerability requires applying the specific kernel patch that reintroduces the ice_deinit_hw() function call within the ice_devlink_reinit_down() function, ensuring symmetry between the initialization and deinitialization paths. This fix addresses the root cause by restoring proper hardware state management during devlink reinitialization operations, eliminating the race condition that leads to the -EBUSY error and subsequent NULL pointer dereference. System administrators should prioritize applying this patch to all systems running affected kernel versions, particularly those in production environments where network device reconfiguration is regularly performed. The fix also emphasizes the importance of maintaining consistent function call patterns in kernel drivers, as demonstrated by the relationship between CWE-570: Expression is Always False and CWE-571: Expression is Always True, where the removal of a critical function call created an inconsistent state that led to system instability. Organizations should implement comprehensive testing procedures to validate that devlink reinitialization operations function correctly after applying the patch, ensuring that network device management workflows remain robust and reliable.

Responsible

Linux

Reservation

01/13/2026

Disclosure

02/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00100

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!