cvelistv5 - cve-2025-38683

CVE-2025-38683 (GCVE-0-2025-38683)

Vulnerability from cvelistv5

Published

2025-09-04 15:32

Modified

2025-09-04 15:32

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved back and registered to the default namespace, it automatically brings VF NIC back to the default namespace. This will cause the default_device_exit_net() >> for_each_netdev_safe loop unable to detect the list end, and hit NULL ptr: [ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0 [ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 231.450246] #PF: supervisor read access in kernel mode [ 231.450579] #PF: error_code(0x0000) - not-present page [ 231.450916] PGD 17b8a8067 P4D 0 [ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI [ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY [ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 231.452692] Workqueue: netns cleanup_net [ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0 [ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00 [ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246 [ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb [ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564 [ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000 [ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340 [ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340 [ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000 [ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0 [ 231.458434] Call Trace: [ 231.458600] <TASK> [ 231.458777] ops_undo_list+0x100/0x220 [ 231.459015] cleanup_net+0x1b8/0x300 [ 231.459285] process_one_work+0x184/0x340 To fix it, move the ns change to a workqueue, and take rtnl_lock to avoid changing the netdev list when default_device_exit_net() is using it.

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318

Impacted products

Vendor

Product

Version

▼

Linux

Version: 3eb6aa870057da9f1304db660f68b9c2eb7e856d
Version: b7a396f76ada277d049558db648389456458af65
Version: 4faa6e3e66b3251eb4bf5761d2f3f0f14095aaca
Version: 62c85b9a0dd7471a362170323e1211ad98ff7b4b
Version: 4c262801ea60c518b5bebc22a09f5b78b3147da2
Version: 4c262801ea60c518b5bebc22a09f5b78b3147da2
Version: 4c262801ea60c518b5bebc22a09f5b78b3147da2
Version: 4c262801ea60c518b5bebc22a09f5b78b3147da2
Version: 7abd221a55a61b6b2bf0e80f850bfc0ae75c7e01
Version: 31a38a908c98aebc7a1104dab5f1ba199f234b7b
Version: 04d748d4bd2d86739b159563f257e3dc5492c88d

Linux

Version: 6.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/hyperv/hyperv_net.h",
            "drivers/net/hyperv/netvsc_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ca41ab55d23a0aa71661a5a56a8f06c11db90dc",
              "status": "affected",
              "version": "3eb6aa870057da9f1304db660f68b9c2eb7e856d",
              "versionType": "git"
            },
            {
              "lessThan": "3467c4ebb334658c6fcf3eabb64a6e8b2135e010",
              "status": "affected",
              "version": "b7a396f76ada277d049558db648389456458af65",
              "versionType": "git"
            },
            {
              "lessThan": "4eff1e57a8ef98d70451b94e8437e458b27dd234",
              "status": "affected",
              "version": "4faa6e3e66b3251eb4bf5761d2f3f0f14095aaca",
              "versionType": "git"
            },
            {
              "lessThan": "2a70cbd1aef8b8be39992ab7b776ce1390091774",
              "status": "affected",
              "version": "62c85b9a0dd7471a362170323e1211ad98ff7b4b",
              "versionType": "git"
            },
            {
              "lessThan": "d036104947176d030bec64792d54e1b4f4c7f318",
              "status": "affected",
              "version": "4c262801ea60c518b5bebc22a09f5b78b3147da2",
              "versionType": "git"
            },
            {
              "lessThan": "5276896e6923ebe8c68573779d784aaf7d987cce",
              "status": "affected",
              "version": "4c262801ea60c518b5bebc22a09f5b78b3147da2",
              "versionType": "git"
            },
            {
              "lessThan": "4293f6c5ccf735b26afeb6825def14d830e0367b",
              "status": "affected",
              "version": "4c262801ea60c518b5bebc22a09f5b78b3147da2",
              "versionType": "git"
            },
            {
              "lessThan": "33caa208dba6fa639e8a92fd0c8320b652e5550c",
              "status": "affected",
              "version": "4c262801ea60c518b5bebc22a09f5b78b3147da2",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7abd221a55a61b6b2bf0e80f850bfc0ae75c7e01",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "31a38a908c98aebc7a1104dab5f1ba199f234b7b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "04d748d4bd2d86739b159563f257e3dc5492c88d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/hyperv/hyperv_net.h",
            "drivers/net/hyperv/netvsc_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.10.229",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.15.170",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "6.1.115",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "6.6.59",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.43",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.11",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc2",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.323",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.285",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.11.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[  231.450246] #PF: supervisor read access in kernel mode\n[  231.450579] #PF: error_code(0x0000) - not-present page\n[  231.450916] PGD 17b8a8067 P4D 0\n[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[  231.452692] Workqueue: netns cleanup_net\n[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[  231.458434] Call Trace:\n[  231.458600]  \u003cTASK\u003e\n[  231.458777]  ops_undo_list+0x100/0x220\n[  231.459015]  cleanup_net+0x1b8/0x300\n[  231.459285]  process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-04T15:32:38.215Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010"
        },
        {
          "url": "https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774"
        },
        {
          "url": "https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318"
        },
        {
          "url": "https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce"
        },
        {
          "url": "https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b"
        },
        {
          "url": "https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c"
        }
      ],
      "title": "hv_netvsc: Fix panic during namespace deletion with VF",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38683",
    "datePublished": "2025-09-04T15:32:38.215Z",
    "dateReserved": "2025-04-16T04:51:24.032Z",
    "dateUpdated": "2025-09-04T15:32:38.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38683\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-04T16:15:36.047\",\"lastModified\":\"2025-09-05T17:47:24.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhv_netvsc: Fix panic during namespace deletion with VF\\n\\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\\nreceived on netvsc NIC. During deletion of the namespace,\\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\\nnetvsc NIC is moved back and registered to the default namespace, it\\nautomatically brings VF NIC back to the default namespace. This will cause\\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\\nthe list end, and hit NULL ptr:\\n\\n[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\\n[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\\n[  231.450246] #PF: supervisor read access in kernel mode\\n[  231.450579] #PF: error_code(0x0000) - not-present page\\n[  231.450916] PGD 17b8a8067 P4D 0\\n[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\\n[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\\n[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\\n[  231.452692] Workqueue: netns cleanup_net\\n[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\\n[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\\n[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\\n[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\\n[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\\n[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\\n[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\\n[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\\n[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\\n[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\\n[  231.458434] Call Trace:\\n[  231.458600]  \u003cTASK\u003e\\n[  231.458777]  ops_undo_list+0x100/0x220\\n[  231.459015]  cleanup_net+0x1b8/0x300\\n[  231.459285]  process_one_work+0x184/0x340\\n\\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\\nchanging the netdev list when default_device_exit_net() is using it.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

ghsa-3wcf-2vw2-33qp

Vulnerability from github

Published

2025-09-05 18:31

Modified

2025-09-05 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: Fix panic during namespace deletion with VF

The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved back and registered to the default namespace, it automatically brings VF NIC back to the default namespace. This will cause the default_device_exit_net() >> for_each_netdev_safe loop unable to detect the list end, and hit NULL ptr:

[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0 [ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 231.450246] #PF: supervisor read access in kernel mode [ 231.450579] #PF: error_code(0x0000) - not-present page [ 231.450916] PGD 17b8a8067 P4D 0 [ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI [ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY [ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 231.452692] Workqueue: netns cleanup_net [ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0 [ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00 [ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246 [ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb [ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564 [ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000 [ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340 [ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340 [ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000 [ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0 [ 231.458434] Call Trace: [ 231.458600] [ 231.458777] ops_undo_list+0x100/0x220 [ 231.459015] cleanup_net+0x1b8/0x300 [ 231.459285] process_one_work+0x184/0x340

To fix it, move the ns change to a workqueue, and take rtnl_lock to avoid changing the netdev list when default_device_exit_net() is using it.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38683"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T16:15:36Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[  231.450246] #PF: supervisor read access in kernel mode\n[  231.450579] #PF: error_code(0x0000) - not-present page\n[  231.450916] PGD 17b8a8067 P4D 0\n[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[  231.452692] Workqueue: netns cleanup_net\n[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[  231.458434] Call Trace:\n[  231.458600]  \u003cTASK\u003e\n[  231.458777]  ops_undo_list+0x100/0x220\n[  231.459015]  cleanup_net+0x1b8/0x300\n[  231.459285]  process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it.",
  "id": "GHSA-3wcf-2vw2-33qp",
  "modified": "2025-09-05T18:31:15Z",
  "published": "2025-09-05T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38683"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

wid-sec-w-2025-1976

Vulnerability from csaf_certbund

Published

2025-09-04 22:00

Modified

2025-09-09 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1976 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1976.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1976 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1976"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38679",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090443-CVE-2025-38679-be66@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38680",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090445-CVE-2025-38680-cce6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38681",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38681-db66@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38682",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38682-a90a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38683",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38683-573c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38684",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38684-db4c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38685",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38685-d633@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38686",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38686-281b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38687",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38687-564a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38688",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38688-6e94@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38689",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38689-ac95@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38690",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090449-CVE-2025-38690-ea6c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38691",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090449-CVE-2025-38691-8a2e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38692",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38692-90f5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38693",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38693-aeb5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38694",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38694-056d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38695",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38695-f491@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38696",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38696-4ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38697",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38697-b37e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38698",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38698-e0e3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38699",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38699-9ca5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38700",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38700-0c1b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38701",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38701-691e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38702",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38702-0b09@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38703",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38703-2f5c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38704",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38704-4353@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38705",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38705-7cd6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38706",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38706-da55@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38707",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38707-5808@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38708",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38708-6792@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38709",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38709-f62c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38710",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38710-1b60@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38711",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38711-b653@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38712",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38712-6273@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38713",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38713-dc89@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38714",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38714-36f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38715",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38715-8464@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38716",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38716-4971@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38717",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38717-fbf6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38718",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38718-5bb6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38719",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38719-16b4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38720",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38720-a45e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38721",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38721-e31a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38722",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38722-de5f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38723",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38723-18f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38724",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38724-5309@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38725",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38725-eb3f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38726",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38726-e4a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38727",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38727-a22c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38728",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38728-191d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38729",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38730",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38730-f2e6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2025-09-09",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-10T05:06:40.011+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1976",
      "initial_release_date": "2025-09-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft, CPE korrigiert"
        },
        {
          "date": "2025-09-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Linux Kernel \u003c6.6.96.2-1 on Linux 3.0",
                "product": {
                  "name": "Microsoft Azure Linux Kernel \u003c6.6.96.2-1 on Linux 3.0",
                  "product_id": "T046805"
                }
              },
              {
                "category": "product_version",
                "name": "Linux Kernel 6.6.96.2-1 on Linux 3.0",
                "product": {
                  "name": "Microsoft Azure Linux Kernel 6.6.96.2-1 on Linux 3.0",
                  "product_id": "T046805-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:linux_kernel__6.6.96.2-1_on_linux_3.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "6368",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-38679",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38679"
    },
    {
      "cve": "CVE-2025-38680",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38680"
    },
    {
      "cve": "CVE-2025-38681",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38681"
    },
    {
      "cve": "CVE-2025-38682",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38682"
    },
    {
      "cve": "CVE-2025-38683",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38683"
    },
    {
      "cve": "CVE-2025-38684",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38684"
    },
    {
      "cve": "CVE-2025-38685",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38685"
    },
    {
      "cve": "CVE-2025-38686",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38686"
    },
    {
      "cve": "CVE-2025-38687",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38687"
    },
    {
      "cve": "CVE-2025-38688",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38688"
    },
    {
      "cve": "CVE-2025-38689",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38689"
    },
    {
      "cve": "CVE-2025-38690",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38690"
    },
    {
      "cve": "CVE-2025-38691",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38691"
    },
    {
      "cve": "CVE-2025-38692",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38692"
    },
    {
      "cve": "CVE-2025-38693",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38693"
    },
    {
      "cve": "CVE-2025-38694",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38694"
    },
    {
      "cve": "CVE-2025-38695",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38695"
    },
    {
      "cve": "CVE-2025-38696",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38696"
    },
    {
      "cve": "CVE-2025-38697",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38697"
    },
    {
      "cve": "CVE-2025-38698",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38698"
    },
    {
      "cve": "CVE-2025-38699",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38699"
    },
    {
      "cve": "CVE-2025-38700",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38700"
    },
    {
      "cve": "CVE-2025-38701",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38701"
    },
    {
      "cve": "CVE-2025-38702",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38702"
    },
    {
      "cve": "CVE-2025-38703",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38703"
    },
    {
      "cve": "CVE-2025-38704",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38704"
    },
    {
      "cve": "CVE-2025-38705",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38705"
    },
    {
      "cve": "CVE-2025-38706",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38706"
    },
    {
      "cve": "CVE-2025-38707",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38707"
    },
    {
      "cve": "CVE-2025-38708",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38708"
    },
    {
      "cve": "CVE-2025-38709",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38709"
    },
    {
      "cve": "CVE-2025-38710",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38710"
    },
    {
      "cve": "CVE-2025-38711",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38711"
    },
    {
      "cve": "CVE-2025-38712",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38712"
    },
    {
      "cve": "CVE-2025-38713",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38713"
    },
    {
      "cve": "CVE-2025-38714",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38714"
    },
    {
      "cve": "CVE-2025-38715",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38715"
    },
    {
      "cve": "CVE-2025-38716",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38716"
    },
    {
      "cve": "CVE-2025-38717",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38717"
    },
    {
      "cve": "CVE-2025-38718",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38718"
    },
    {
      "cve": "CVE-2025-38719",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38719"
    },
    {
      "cve": "CVE-2025-38720",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38720"
    },
    {
      "cve": "CVE-2025-38721",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38721"
    },
    {
      "cve": "CVE-2025-38722",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38722"
    },
    {
      "cve": "CVE-2025-38723",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38723"
    },
    {
      "cve": "CVE-2025-38724",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38724"
    },
    {
      "cve": "CVE-2025-38725",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38725"
    },
    {
      "cve": "CVE-2025-38726",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38726"
    },
    {
      "cve": "CVE-2025-38727",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38727"
    },
    {
      "cve": "CVE-2025-38728",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38728"
    },
    {
      "cve": "CVE-2025-38729",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38729"
    },
    {
      "cve": "CVE-2025-38730",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38730"
    }
  ]
}

fkie_cve-2025-38683

Vulnerability from fkie_nvd

Published

2025-09-04 16:15

Modified

2025-09-05 17:47

Severity ?

Summary

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[  231.450246] #PF: supervisor read access in kernel mode\n[  231.450579] #PF: error_code(0x0000) - not-present page\n[  231.450916] PGD 17b8a8067 P4D 0\n[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[  231.452692] Workqueue: netns cleanup_net\n[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[  231.458434] Call Trace:\n[  231.458600]  \u003cTASK\u003e\n[  231.458777]  ops_undo_list+0x100/0x220\n[  231.459015]  cleanup_net+0x1b8/0x300\n[  231.459285]  process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it."
    }
  ],
  "id": "CVE-2025-38683",
  "lastModified": "2025-09-05T17:47:24.833",
  "metrics": {},
  "published": "2025-09-04T16:15:36.047",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-38683 (GCVE-0-2025-38683)

Vulnerability from cvelistv5

ghsa-3wcf-2vw2-33qp

Vulnerability from github

wid-sec-w-2025-1976

Vulnerability from csaf_certbund

fkie_cve-2025-38683

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature