In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d cve-icon cve-icon
https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700 cve-icon cve-icon
https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63 cve-icon cve-icon
https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546 cve-icon cve-icon
https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b cve-icon cve-icon
https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38569-7ad5@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38569 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38569 cve-icon
History

Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Wed, 20 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Tue, 19 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.
Title benet: fix BUG when creating VFs
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-08-19T17:02:49.987Z

Reserved: 2025-04-16T04:51:24.025Z

Link: CVE-2025-38569

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-19T17:15:33.663

Modified: 2025-08-20T14:40:17.713

Link: CVE-2025-38569

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-38569 - Bugzilla