CVE-2025-21883
Linux Kernel vulnerability analysis and mitigation

Overview

A vulnerability in the Linux kernel's ice driver was discovered and disclosed on March 27, 2025. The issue occurs when ice_ena_vfs() fails after calling ice_create_vf_entries(): it frees all VFs without removing them from the snapshot PF-VF mailbox list, leading to list corruption (NVD).

Technical details

The vulnerability manifests as a list corruption bug in the ice driver's VF management code. When ice_ena_vfs() fails after ice_create_vf_entries(), it incorrectly handles the cleanup process, resulting in a corrupted list state. The issue can be reproduced by manipulating the eswitch mode and SR-IOV settings. The bug manifests either as a list_add corruption where next->prev should be prev but was found to be NULL, or as a KASAN use-after-free report in __list_add_valid_or_report (NVD, Snyk).

Impact

The vulnerability results in list corruption which can lead to system instability and potential denial of service. According to Red Hat's assessment, the vulnerability has a CVSS v3.1 base score of 5.5, indicating a medium severity impact with high availability impact but no loss of confidentiality or integrity (Red Hat).

Mitigation and workarounds

The vulnerability has been resolved in the Linux kernel through a fix that moves the VF removal operation to ice_free_vf_entries(), which is called in various places where VFs are being removed, including ice_free_vfs() itself (NVD).
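
The error path from "Technical details" and the fix described above, as an added user-space model (not the ice driver's code and not part of the original report). The structures, the static VF pool and every function name are simplified, hypothetical stand-ins; "freeing" is modelled with a flag so that stale list links can be counted without touching freed memory.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified user-space model; all names are hypothetical stand-ins. */
struct node { struct node *prev, *next; };
struct vf {
    struct node mbx_node; /* link in the PF-VF mailbox snapshot list */
    bool alive;           /* false once the VF has been "freed" */
};
#define NUM_VFS 4
static struct vf pool[NUM_VFS]; /* static pool: stale links can be inspected safely */
static struct node snapshot;    /* head of the snapshot list */

static void list_add(struct node *n, struct node *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
static void list_del(struct node *n) {
    n->prev->next = n->next; n->next->prev = n->prev; n->prev = n->next = NULL;
}

static void create_vf_entries(void) {
    snapshot.prev = snapshot.next = &snapshot;
    for (int i = 0; i < NUM_VFS; i++) {
        pool[i].alive = true;
        list_add(&pool[i].mbx_node, &snapshot);
    }
}

/* unlink_first == false models the buggy error path, true models the fix. */
static void free_vf_entries(bool unlink_first) {
    for (int i = 0; i < NUM_VFS; i++) {
        if (unlink_first)
            list_del(&pool[i].mbx_node);
        pool[i].alive = false;
    }
}

/* Simulate a failed enable and count snapshot entries pointing at freed VFs. */
int stale_after_failed_enable(bool fixed) {
    int stale = 0;
    create_vf_entries();
    free_vf_entries(fixed);
    for (struct node *p = snapshot.next; p != &snapshot; p = p->next) {
        struct vf *v = (struct vf *)((char *)p - offsetof(struct vf, mbx_node));
        if (!v->alive) stale++;
    }
    return stale;
}
```

In the model, the buggy path leaves every freed VF linked in the snapshot list, while unlinking inside the free routine leaves the list empty. In the kernel, those stale links are what a later list insertion trips over.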

Source: This report was generated using AI

Related Linux Kernel vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-40343 | MEDIUM | 6.4 | Linux Kernel | linux-riscv | No | Yes | Dec 09, 2025 |
| CVE-2025-40342 | MEDIUM | 6.4 | Linux Kernel | linux-azure-5.4 | No | Yes | Dec 09, 2025 |
| CVE-2025-40341 | MEDIUM | 5.1 | Linux Kernel | kernel-debug-uki-virt-addons | No | Yes | Dec 09, 2025 |
| CVE-2025-40345 | N/A | N/A | Linux Kernel | bpftool | No | Yes | Dec 12, 2025 |
| CVE-2025-40344 | N/A | N/A | Linux Kernel | rtla | No | Yes | Dec 09, 2025 |
