Feng Zhou

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The Linux kernel's ixgbe driver is vulnerable to a NULL pointer dereference in the ixgbe xdp setup function. This occurs when the maximum value of num xdp queues is set to nr cpu ids, and the user sets num queues to 63 through ethtool. The code in ixgbe set rss queues sets the queues number, and when the user uses xdp, it leads to a panic. The issue arises from the fact that num rx queues is greater than num xdp queues when running ixgbe xdp setup. Technical details about exploitation include: - The `ixgbe set rss queues` function sets the queues number. - The `ixgbe xdp setup` function leads to a panic when `num rx queues` is greater than `num xdp queues`. - The `adapter->xdp ring[i]->xsk umem` variable is accessed in a loop, leading to the NULL pointer dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.