CVE-2025-38569 — NULL Pointer Dereference in Linux
CWE-476 — NULL Pointer DereferenceCWE-763 — Release of Invalid Pointer or Reference39 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 19
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
benet: fix BUG when creating VFs
benet crashes as soon as SRIOV VFs are created:
kernel BUG at mm/vmalloc.c:3457!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)
[...]
RIP: 0010:vunmap+0x5f/0x70
[...]
Call Trace:
__iommu_dma_free+0xe8/0x1c0
be_cmd_set_mac_list+0x3fe/0x640 [be2net]
be_cmd_set_mac+0xaf/0x110 [be2net]
be_vf_eth_addr_co…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux797bb9439c0489bbea4b8808297ec7a569098667 — 3697e37e012bbd2bb5a5b467689811ba097b2eff+10
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-m89v-jrp4-5q36: In the Linux kernel, the following vulnerability has been resolved:
benet: fix BUG when creating VFs
benet crashes as soon as SRIOV VFs are created:↗2025-08-19
OSV▶
CVE-2025-38569: In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: k↗2025-08-19