CVE-2025-38569 (GCVE-0-2025-38569)
Vulnerability from cvelistv5
Published
2025-08-19 17:02
Modified
2025-08-28 14:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
benet: fix BUG when creating VFs
benet crashes as soon as SRIOV VFs are created:
kernel BUG at mm/vmalloc.c:3457!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)
[...]
RIP: 0010:vunmap+0x5f/0x70
[...]
Call Trace:
<TASK>
__iommu_dma_free+0xe8/0x1c0
be_cmd_set_mac_list+0x3fe/0x640 [be2net]
be_cmd_set_mac+0xaf/0x110 [be2net]
be_vf_eth_addr_config+0x19f/0x330 [be2net]
be_vf_setup+0x4f7/0x990 [be2net]
be_pci_sriov_configure+0x3a1/0x470 [be2net]
sriov_numvfs_store+0x20b/0x380
kernfs_fop_write_iter+0x354/0x530
vfs_write+0x9b9/0xf60
ksys_write+0xf3/0x1d0
do_syscall_64+0x8c/0x3d0
be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.
Fix it by freeing only after the lock has been released.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 797bb9439c0489bbea4b8808297ec7a569098667 Version: 7cfae8627511361f90a1a22dfae556c3fbc5bd8d Version: 671aaa17bd3153e25526934f92307169ce927b5e Version: 4393452e6c0c027971ec9bcc9557f52e63db3f0a Version: 41d731e7920387ea13e2fb440a1e235686faeeb9 Version: fd1ef3b1bdd3fec683ebd19eb3acc6a2cb60b5c6 Version: 1a82d19ca2d6835904ee71e2d40fd331098f94a0 Version: 1a82d19ca2d6835904ee71e2d40fd331098f94a0 Version: 1a82d19ca2d6835904ee71e2d40fd331098f94a0 Version: 227a829c9067bf03b1967e7e0b1a6777fd57edef |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/emulex/benet/be_cmds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3697e37e012bbd2bb5a5b467689811ba097b2eff",
"status": "affected",
"version": "797bb9439c0489bbea4b8808297ec7a569098667",
"versionType": "git"
},
{
"lessThan": "975e73b9102d844a3dc3f091ad631c56145c8b4c",
"status": "affected",
"version": "7cfae8627511361f90a1a22dfae556c3fbc5bd8d",
"versionType": "git"
},
{
"lessThan": "f80b34ebc579216407b128e9d155bfcae875c30f",
"status": "affected",
"version": "671aaa17bd3153e25526934f92307169ce927b5e",
"versionType": "git"
},
{
"lessThan": "46d44a23a3723a89deeb65b13cddb17f8d9f2700",
"status": "affected",
"version": "4393452e6c0c027971ec9bcc9557f52e63db3f0a",
"versionType": "git"
},
{
"lessThan": "c377ba2be9430d165a98e4b782902ed630bc7546",
"status": "affected",
"version": "41d731e7920387ea13e2fb440a1e235686faeeb9",
"versionType": "git"
},
{
"lessThan": "0ddfe8b127ef1149fddccb79db6e6eaba7738e7d",
"status": "affected",
"version": "fd1ef3b1bdd3fec683ebd19eb3acc6a2cb60b5c6",
"versionType": "git"
},
{
"lessThan": "d5dc09ee5d74277bc47193fe28ce8703e229331b",
"status": "affected",
"version": "1a82d19ca2d6835904ee71e2d40fd331098f94a0",
"versionType": "git"
},
{
"lessThan": "f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e",
"status": "affected",
"version": "1a82d19ca2d6835904ee71e2d40fd331098f94a0",
"versionType": "git"
},
{
"lessThan": "5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63",
"status": "affected",
"version": "1a82d19ca2d6835904ee71e2d40fd331098f94a0",
"versionType": "git"
},
{
"status": "affected",
"version": "227a829c9067bf03b1967e7e0b1a6777fd57edef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/emulex/benet/be_cmds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.14"
},
{
"lessThan": "6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.241",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "5.4.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.241",
"versionStartIncluding": "5.10.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.190",
"versionStartIncluding": "5.15.179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.148",
"versionStartIncluding": "6.1.131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.102",
"versionStartIncluding": "6.6.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.42",
"versionStartIncluding": "6.12.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.10",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.1",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17-rc1",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbenet: fix BUG when creating VFs\n\nbenet crashes as soon as SRIOV VFs are created:\n\n kernel BUG at mm/vmalloc.c:3457!\n Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)\n [...]\n RIP: 0010:vunmap+0x5f/0x70\n [...]\n Call Trace:\n \u003cTASK\u003e\n __iommu_dma_free+0xe8/0x1c0\n be_cmd_set_mac_list+0x3fe/0x640 [be2net]\n be_cmd_set_mac+0xaf/0x110 [be2net]\n be_vf_eth_addr_config+0x19f/0x330 [be2net]\n be_vf_setup+0x4f7/0x990 [be2net]\n be_pci_sriov_configure+0x3a1/0x470 [be2net]\n sriov_numvfs_store+0x20b/0x380\n kernfs_fop_write_iter+0x354/0x530\n vfs_write+0x9b9/0xf60\n ksys_write+0xf3/0x1d0\n do_syscall_64+0x8c/0x3d0\n\nbe_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.\nFix it by freeing only after the lock has been released."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:43:51.166Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff"
},
{
"url": "https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c"
},
{
"url": "https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f"
},
{
"url": "https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700"
},
{
"url": "https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546"
},
{
"url": "https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d"
},
{
"url": "https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b"
},
{
"url": "https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e"
},
{
"url": "https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63"
}
],
"title": "benet: fix BUG when creating VFs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38569",
"datePublished": "2025-08-19T17:02:49.987Z",
"dateReserved": "2025-04-16T04:51:24.025Z",
"dateUpdated": "2025-08-28T14:43:51.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38569\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:33.663\",\"lastModified\":\"2025-08-28T15:15:53.463\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbenet: fix BUG when creating VFs\\n\\nbenet crashes as soon as SRIOV VFs are created:\\n\\n kernel BUG at mm/vmalloc.c:3457!\\n Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\\n CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)\\n [...]\\n RIP: 0010:vunmap+0x5f/0x70\\n [...]\\n Call Trace:\\n \u003cTASK\u003e\\n __iommu_dma_free+0xe8/0x1c0\\n be_cmd_set_mac_list+0x3fe/0x640 [be2net]\\n be_cmd_set_mac+0xaf/0x110 [be2net]\\n be_vf_eth_addr_config+0x19f/0x330 [be2net]\\n be_vf_setup+0x4f7/0x990 [be2net]\\n be_pci_sriov_configure+0x3a1/0x470 [be2net]\\n sriov_numvfs_store+0x20b/0x380\\n kernfs_fop_write_iter+0x354/0x530\\n vfs_write+0x9b9/0xf60\\n ksys_write+0xf3/0x1d0\\n do_syscall_64+0x8c/0x3d0\\n\\nbe_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.\\nFix it by freeing only after the lock has been released.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: benet: se corrige un ERROR al crear VF. benet se bloquea tan pronto como se crean los VF SRIOV: \u00a1ERROR del kernel en mm/vmalloc.c:3457! Oops: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: cargado No contaminado 6.16.0+ #1 PREEMPT(voluntario) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Rastreo de llamadas: __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() bajo un spin_lock_bh. Para solucionarlo, libere el bloqueo solo despu\u00e9s de liberarlo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…