In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same index to return -EBUSY, potentially leading to NULL pointer dereferences. Reorder the operations as suggested by Przemek Kitszel: 1. Check if adapter already exists (xa_load) 2. Reserve the XArray slot (xa_reserve) 3. Allocate the adapter (ice_adapter_new) 4. Store the adapter (xa_store)
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40185-0689@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:22405 https://access.redhat.com/errata/RHSA-2025:22405
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:22854 https://access.redhat.com/errata/RHSA-2025:22854