CVE-2025-38683

EUVD-2025-26786
In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: Fix panic during namespace deletion with VF

The existing code move the VF NIC to new namespace when NETDEV_REGISTER is
received on netvsc NIC. During deletion of the namespace,
default_device_exit_batch() >> default_device_exit_net() is called. When
netvsc NIC is moved back and registered to the default namespace, it
automatically brings VF NIC back to the default namespace. This will cause
the default_device_exit_net() >> for_each_netdev_safe loop unable to detect
the list end, and hit NULL ptr:

[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0
[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  231.450246] #PF: supervisor read access in kernel mode
[  231.450579] #PF: error_code(0x0000) - not-present page
[  231.450916] PGD 17b8a8067 P4D 0
[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI
[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY
[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024
[  231.452692] Workqueue: netns cleanup_net
[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0
[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00
[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246
[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb
[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564
[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000
[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340
[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340
[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000
[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0
[  231.458434] Call Trace:
[  231.458600]  <TASK>
[  231.458777]  ops_undo_list+0x100/0x220
[  231.459015]  cleanup_net+0x1b8/0x300
[  231.459285]  process_one_work+0x184/0x340

To fix it, move the ns change to a workqueue, and take rtnl_lock to avoid
changing the netdev list when default_device_exit_net() is using it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
siemens-SADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.19.323 ≤
𝑥
< 4.20
linuxlinux_kernel
5.4.285 ≤
𝑥
< 5.5
linuxlinux_kernel
5.10.229 ≤
𝑥
< 5.10.241
linuxlinux_kernel
5.15.170 ≤
𝑥
< 5.15.190
linuxlinux_kernel
6.1.115 ≤
𝑥
< 6.1.149
linuxlinux_kernel
6.6.59 ≤
𝑥
< 6.6.103
linuxlinux_kernel
6.11.6 ≤
𝑥
< 6.12
linuxlinux_kernel
6.12.1 ≤
𝑥
< 6.12.43
linuxlinux_kernel
6.13 ≤
𝑥
< 6.15.11
linuxlinux_kernel
6.16 ≤
𝑥
< 6.16.2
linuxlinux_kernel
6.12
linuxlinux_kernel
6.12:rc5
linuxlinux_kernel
6.12:rc6
linuxlinux_kernel
6.12:rc7
linuxlinux_kernel
6.17:rc1
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensSIMATIC CN 4100
𝑥
< V5.0
ADP
siemenssimatic_cn_4100
𝑥
< 5.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.257-1
fixed
forky
7.0.9-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
linux-6.1
bullseye (security)
6.1.174-1~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
dlm-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
gfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-64kb
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.18.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.18.1
fixed
kernel-default
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-default-base
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1.150600.12.32.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1.150700.17.15.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1.150600.12.32.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1.150700.17.15.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1.150500.6.59.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1.150600.12.32.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1.150700.17.15.1
fixed
kernel-docs
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-macros
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-source
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-source-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.18.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.18.1
fixed
kernel-syms
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
kernel-syms-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.18.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.18.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.22.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.22.1
fixed
ocfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774
https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c
https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010
https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc
https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b
https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234
https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce
https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://cert-portal.siemens.com/productcert/html/ssa-032379.html