CVE-2025-22065: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel (CVE-2025-22065) was discovered and resolved on April 16, 2025. The issue involves a NULL pointer dereference in the idpf driver when SRIOV is enabled, occurring during system reboot. The vulnerability stems from the idpf_remove() function being called twice: first via idpf_shutdown() and then again through sriov_disable() (NVD, Red Hat).

The vulnerability occurs when SRIOV is enabled and the idpf driver encounters a double call to idpf_remove(). The first call happens through idpf_shutdown() and the second through sriov_disable(). This sequence can result in the adapter being NULL from the first call to idpf_remove(), leading to a NULL pointer dereference. The issue can be triggered by executing 'echo 1 > /sys/class/net//device/sriov_numvfs' followed by a reboot. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) (Red Hat).

The vulnerability can lead to a kernel NULL pointer dereference, potentially causing system crashes or denial of service conditions when exploited. This affects systems running the Linux kernel with SRIOV enabled and the idpf driver in use (NVD).

The fix involves replacing the direct idpf_remove() call in idpf_shutdown() with idpf_vc_core_deinit() and idpf_deinit_dflt_mbx(). These functions perform the cleanup tasks such as stopping the init task, freeing IRQs, destroying vports, and freeing the mailbox. This solution avoids the problematic calls to sriov_disable() and related cleanup operations that aren't necessary during shutdown (NVD).