Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38569

In the Linux kernel, the following vulnerability has been resolved:

benet: fix BUG when creating VFs

benet crashes as soon as SRIOV VFs are created:

kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0

be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.

  • Published: Aug 19, 2025
  • Updated: Jan 9, 2026
  • CVE: CVE-2025-38569
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 5.4.291 5.4.297
linux / linux_kernel 5.10.235 5.10.241
linux / linux_kernel 5.15.179 5.15.190
linux / linux_kernel 6.1.131 6.1.148
linux / linux_kernel 6.6.83 6.6.102
linux / linux_kernel 6.12.19 6.12.42
linux / linux_kernel 6.13.7 6.14
linux / linux_kernel 6.14.1 6.15.10
linux / linux_kernel 6.16 6.16.1
linux / linux_kernel 6.14 6.14.x
linux / linux_kernel 6.14-rc6 6.14-rc6.x
linux / linux_kernel 6.14-rc7 6.14-rc7.x
debian / debian_linux 11.0 11.0.x