CVE-2025-38569 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

benet: fix BUG when creating VFs

benet crashes as soon as SRIOV VFs are created:

kernel BUG at mm/vmalloc.c:3457!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)
[...]
RIP: 0010:vunmap+0x5f/0x70
[...]
Call Trace:
<TASK>
__iommu_dma_free+0xe8/0x1c0
be_cmd_set_mac_list+0x3fe/0x640 [be2net]
be_cmd_set_mac+0xaf/0x110 [be2net]
be_vf_eth_addr_config+0x19f/0x330 [be2net]
be_vf_setup+0x4f7/0x990 [be2net]
be_pci_sriov_configure+0x3a1/0x470 [be2net]
sriov_numvfs_store+0x20b/0x380
kernfs_fop_write_iter+0x354/0x530
vfs_write+0x9b9/0xf60
ksys_write+0xf3/0x1d0
do_syscall_64+0x8c/0x3d0

be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.
Fix it by freeing only after the lock has been released.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d
https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff
https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700
https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63
https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c
https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546
https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b
https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e
https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f
https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38569-7ad5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38569
https://www.cve.org/CVERecord?id=CVE-2025-38569

History

Thu, 28 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f

Thu, 21 Aug 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 20 Aug 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38569-7ad5@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38569 https://www.cve.org/CVERecord?id=CVE-2025-38569
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Tue, 19 Aug 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.
Title		benet: fix BUG when creating VFs
References		https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700 https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63 https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546 https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-08-19T17:02:49.987Z

Updated: 2025-09-29T05:53:58.352Z

Reserved: 2025-04-16T04:51:24.025Z

Link: CVE-2025-38569

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-08-19T17:15:33.663

Modified: 2025-08-28T15:15:53.463

Link: CVE-2025-38569

Redhat

Severity : Moderate

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-38569 - Bugzilla

OpenCVE Enrichment

Updated: 2025-08-21T12:31:34Z

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object