Impact
The net/mana driver in the Linux kernel constructs per‑device debugfs directories using a hard‑coded "0" for physical functions and the result of pci_slot_name(pdev->slot) for virtual functions. In environments where pdev->slot is NULL, such as some VFIO passthrough or nested KVM scenarios, pci_slot_name() dereferences a NULL pointer, causing a kernel Oops. Multiple physical functions using the same name \"0\" and virtual functions across domains or buses can also collide, leading to debugfs_create_dir() returning –EEXIST. Both scenarios trigger denial of service by crashing the kernel or preventing debugfs entry creation.
Affected Systems
Linux kernel versions that include the net/mana driver before the commit changing the debugfs directory naming are affected. No specific version range is listed, so any kernel with this driver in its default configuration prior to the patch is at risk. The vendor is Linux and the product is the Linux kernel.
Risk and Exploitability
The flaw remains local only; an attacker must be able to trigger driver initialization or reload while the kernel is active. A local user who can reload the module or provoke driver re‑initialization, for example by rebooting, disabling and re‑loading the driver, or manipulating device hotplug events, could force a kernel crash or prevent debugfs entry creation. The CVSS score is 5.5, the EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating moderate severity but a relatively low likelihood of exploitation in typical environments.
OpenCVE Enrichment