cbcvebase.
CVE-2025-38683
published 2025-09-04

CVE-2025-38683: In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to…

medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved back and registered to the default namespace, it automatically brings VF NIC back to the default namespace. This will cause the default_device_exit_net() >> for_each_netdev_safe loop unable to detect the list end, and hit NULL ptr: [ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0 [ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 231.450246] #PF: supervisor read access in kernel mode [ 231.450579] #PF: error_code(0x0000) - not-present page [ 231.450916] PGD 17b8a8067 P4D 0 [ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI [ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY [ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 231.452692] Workqueue: netns cleanup_net [ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0 [ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00 [ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246 [ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb [ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564 [ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000 [ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340 [ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340 [ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS

Affected

50 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debianlinux< linux 6.1.153-1 (bookworm)linux 6.1.153-1 (bookworm)
debianlinux-6.1< linux 6.1.153-1 (bookworm)linux 6.1.153-1 (bookworm)
linuxlinux
linuxlinux
linuxlinux
linuxlinux
linuxlinux>= 3eb6aa870057da9f1304db660f68b9c2eb7e856d < 3ca41ab55d23a0aa71661a5a56a8f06c11db90dc3ca41ab55d23a0aa71661a5a56a8f06c11db90dc
linuxlinux>= 4.19.323 < 4.204.20
linuxlinux>= 4c262801ea60c518b5bebc22a09f5b78b3147da2 < d036104947176d030bec64792d54e1b4f4c7f318d036104947176d030bec64792d54e1b4f4c7f318
linuxlinux>= 4c262801ea60c518b5bebc22a09f5b78b3147da2 < 5276896e6923ebe8c68573779d784aaf7d987cce5276896e6923ebe8c68573779d784aaf7d987cce
linuxlinux>= 4c262801ea60c518b5bebc22a09f5b78b3147da2 < 4293f6c5ccf735b26afeb6825def14d830e0367b4293f6c5ccf735b26afeb6825def14d830e0367b
linuxlinux>= 4c262801ea60c518b5bebc22a09f5b78b3147da2 < 33caa208dba6fa639e8a92fd0c8320b652e5550c33caa208dba6fa639e8a92fd0c8320b652e5550c
linuxlinux>= 4faa6e3e66b3251eb4bf5761d2f3f0f14095aaca < 4eff1e57a8ef98d70451b94e8437e458b27dd2344eff1e57a8ef98d70451b94e8437e458b27dd234
linuxlinux>= 5.10.229 < 5.10.2415.10.241
linuxlinux>= 5.15.170 < 5.15.1905.15.190
linuxlinux>= 5.4.285 < 5.55.5
linuxlinux>= 6.1.115 < 6.1.1496.1.149
linuxlinux>= 6.11.6 < 6.126.12
linuxlinux>= 6.6.59 < 6.6.1036.6.103
linuxlinux>= 62c85b9a0dd7471a362170323e1211ad98ff7b4b < 2a70cbd1aef8b8be39992ab7b776ce13900917742a70cbd1aef8b8be39992ab7b776ce1390091774
linuxlinux>= b7a396f76ada277d049558db648389456458af65 < 3467c4ebb334658c6fcf3eabb64a6e8b2135e0103467c4ebb334658c6fcf3eabb64a6e8b2135e010
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel>= 0 < 5.10.244-15.10.244-1

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv7.8HIGH