CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
A NULL pointer dereference flaw was found in ethtool loopback test in the Linux Kernel. This issue occurs due to a missing q_vector associated with the test ring when it is setup, as interrupts are not normally added to the test rings. Exploiting the vulnerability can result in system crash and denial of service attacks.
The vulnerable code is present in ixgbe driver supporting 82598 and 82599 based PCI express 10G network connections. The vulnerability can be mitigated by either not using these chipsets or upgrading to the latest software.