Bug 2439875 (CVE-2026-23117) - CVE-2026-23117 kernel: ice: add missing ice_deinit_hw() in devlink reinit path
Summary: CVE-2026-23117 kernel: ice: add missing ice_deinit_hw() in devlink reinit path
Keywords:
Status: NEW
Alias: CVE-2026-23117
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-14 16:02 UTC by OSIDB Bzimport
Modified: 2026-02-16 13:40 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-02-14 16:02:51 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ice: add missing ice_deinit_hw() in devlink reinit path

devlink-reload results in ice_init_hw failed error, and then removing
the ice driver causes a NULL pointer dereference.

[  +0.102213] ice 0000:ca:00.0: ice_init_hw failed: -16
...
[  +0.000001] Call Trace:
[  +0.000003]  <TASK>
[  +0.000006]  ice_unload+0x8f/0x100 [ice]
[  +0.000081]  ice_remove+0xba/0x300 [ice]

Commit 1390b8b3d2be ("ice: remove duplicate call to ice_deinit_hw() on
error paths") removed ice_deinit_hw() from ice_deinit_dev(). As a result
ice_devlink_reinit_down() no longer calls ice_deinit_hw(), but
ice_devlink_reinit_up() still calls ice_init_hw(). Since the control
queues are not uninitialized, ice_init_hw() fails with -EBUSY.

Add ice_deinit_hw() to ice_devlink_reinit_down() to correspond with
ice_init_hw() in ice_devlink_reinit_up().
Comment 1 Alexander B 2026-02-16 13:34:56 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021406-CVE-2026-23117-0b29@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.