CVE-2025-38683

{"id": "CVE-2025-38683", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-04T16:15:36.047", "references": [{"url": "https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() >> default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() >> for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[ 231.450246] #PF: supervisor read access in kernel mode\n[ 231.450579] #PF: error_code(0x0000) - not-present page\n[ 231.450916] PGD 17b8a8067 P4D 0\n[ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 231.452692] Workqueue: netns cleanup_net\n[ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[ 231.458434] Call Trace:\n[ 231.458600] <TASK>\n[ 231.458777] ops_undo_list+0x100/0x220\n[ 231.459015] cleanup_net+0x1b8/0x300\n[ 231.459285] process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it."}], "lastModified": "2026-01-08T22:32:21.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "463063B3-3A9A-420D-A07B-46284CE30207", "versionEndExcluding": "4.20", "versionStartIncluding": "4.19.323"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F89CEF5-BEBB-4C4B-925A-D5644DDD9764", "versionEndExcluding": "5.5", "versionStartIncluding": "5.4.285"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BEE7BE4-DD51-4965-BE45-9AA93668961A", "versionEndExcluding": "5.10.241", "versionStartIncluding": "5.10.229"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DDB0CCE-5986-4161-849C-DAAC9C143FF7", "versionEndExcluding": "5.15.190", "versionStartIncluding": "5.15.170"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05BCB5D7-DADF-4EFF-8A79-2747786F5D5D", "versionEndExcluding": "6.1.149", "versionStartIncluding": "6.1.115"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72F4746B-181A-4551-881E-A3337078319E", "versionEndExcluding": "6.6.103", "versionStartIncluding": "6.6.59"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC327455-C86D-4E78-8BC8-2E5301DD5835", "versionEndExcluding": "6.12", "versionStartIncluding": "6.11.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76C98B07-4B8E-42CC-ABB3-BB451A38D280", "versionEndExcluding": "6.12.43", "versionStartIncluding": "6.12.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC242347-F722-43AE-B910-BE0B22386977", "versionEndExcluding": "6.15.11", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD7C087D-2415-4521-B624-30003352F899", "versionEndExcluding": "6.16.2", "versionStartIncluding": "6.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E698080-7669-4132-8817-4C674EEBCE54"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "327D22EF-390B-454C-BD31-2ED23C998A1C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}