CVE-2025-68213

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the idpf driver related to the removal of the driver. Specifically, a NULL pointer dereference can occur in the idpf remove function when attempting to remove the driver if the vport failed to initialize. This can lead to a system crash. The issue is triggered when the driver attempts to free memory associated with a null vport config pointer. The call trace indicates involvement of functions such as pci device remove, device release driver internal, pci stop bus device, pci stop and remove bus device, pci iov remove virtfn, sriov disable, idpf sriov configure, and sriov numvfs store.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-03157

CVE-2025-68213

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8152-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68213

Weakness Enumeration

Related Identifiers

Affected Products

References · 1944