CVE-2025-38683

EPSS 0.04%
Published 04.09.2025 15:32:38
Last modified 05.09.2025 17:47:24
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: Fix panic during namespace deletion with VF

The existing code move the VF NIC to new namespace when NETDEV_REGISTER is
received on netvsc NIC. During deletion of the namespace,
default_device_exit_batch() >> default_device_exit_net() is called. When
netvsc NIC is moved back and registered to the default namespace, it
automatically brings VF NIC back to the default namespace. This will cause
the default_device_exit_net() >> for_each_netdev_safe loop unable to detect
the list end, and hit NULL ptr:

[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0
[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  231.450246] #PF: supervisor read access in kernel mode
[  231.450579] #PF: error_code(0x0000) - not-present page
[  231.450916] PGD 17b8a8067 P4D 0
[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI
[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY
[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024
[  231.452692] Workqueue: netns cleanup_net
[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0
[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00
[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246
[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb
[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564
[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000
[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340
[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340
[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000
[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0
[  231.458434] Call Trace:
[  231.458600]  <TASK>
[  231.458777]  ops_undo_list+0x100/0x220
[  231.459015]  cleanup_net+0x1b8/0x300
[  231.459285]  process_one_work+0x184/0x340

To fix it, move the ns change to a workqueue, and take rtnl_lock to avoid
changing the netdev list when default_device_exit_net() is using it.

Affected products Warnungen 0 Metrics 1 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 3ca41ab55d23a0aa71661a5a56a8f06c11db90dc

Version 3eb6aa870057da9f1304db660f68b9c2eb7e856d

Status affected

Version < 3467c4ebb334658c6fcf3eabb64a6e8b2135e010

Version b7a396f76ada277d049558db648389456458af65

Status affected

Version < 4eff1e57a8ef98d70451b94e8437e458b27dd234

Version 4faa6e3e66b3251eb4bf5761d2f3f0f14095aaca

Status affected

Version < 2a70cbd1aef8b8be39992ab7b776ce1390091774

Version 62c85b9a0dd7471a362170323e1211ad98ff7b4b

Status affected

Version < d036104947176d030bec64792d54e1b4f4c7f318

Version 4c262801ea60c518b5bebc22a09f5b78b3147da2

Status affected

Version < 5276896e6923ebe8c68573779d784aaf7d987cce

Version 4c262801ea60c518b5bebc22a09f5b78b3147da2

Status affected

Version < 4293f6c5ccf735b26afeb6825def14d830e0367b

Version 4c262801ea60c518b5bebc22a09f5b78b3147da2

Status affected

Version < 33caa208dba6fa639e8a92fd0c8320b652e5550c

Version 4c262801ea60c518b5bebc22a09f5b78b3147da2

Status affected

Version 7abd221a55a61b6b2bf0e80f850bfc0ae75c7e01

Status affected

Version 31a38a908c98aebc7a1104dab5f1ba199f234b7b

Status affected

Version 04d748d4bd2d86739b159563f257e3dc5492c88d

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.12

Status affected

Version < 6.12

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.092

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc

https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010

https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234

https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774

https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318

https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce

https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b

https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c

https://nvd.nist.gov/vuln/detail/CVE-2025-38683

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38683

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38683

EUVD