CVE-2025-38569

benet: fix BUG when creating VFs

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.
Fix it by freeing only after the lock has been released.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: benet: se corrige un ERROR al crear VF. benet se bloquea tan pronto como se crean los VF SRIOV: ¡ERROR del kernel en mm/vmalloc.c:3457! Oops: código de operación no válido: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: cargado No contaminado 6.16.0+ #1 PREEMPT(voluntario) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Rastreo de llamadas: __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() bajo un spin_lock_bh. Para solucionarlo, libere el bloqueo solo después de liberarlo.

In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-08-19 CVE Published
2025-11-03 CVE Updated
2026-03-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/797bb9439c0489bbea4b8808297ec7a569098667	Vuln. Introduced
https://git.kernel.org/stable/c/7cfae8627511361f90a1a22dfae556c3fbc5bd8d	Vuln. Introduced
https://git.kernel.org/stable/c/671aaa17bd3153e25526934f92307169ce927b5e	Vuln. Introduced
https://git.kernel.org/stable/c/4393452e6c0c027971ec9bcc9557f52e63db3f0a	Vuln. Introduced
https://git.kernel.org/stable/c/41d731e7920387ea13e2fb440a1e235686faeeb9	Vuln. Introduced
https://git.kernel.org/stable/c/fd1ef3b1bdd3fec683ebd19eb3acc6a2cb60b5c6	Vuln. Introduced
https://git.kernel.org/stable/c/1a82d19ca2d6835904ee71e2d40fd331098f94a0	Vuln. Introduced
https://git.kernel.org/stable/c/227a829c9067bf03b1967e7e0b1a6777fd57edef	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff	2025-08-28
https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c	2025-08-28
https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f	2025-08-28
https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700	2025-08-15
https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546	2025-08-15
https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d	2025-08-15
https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b	2025-08-15
https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e	2025-08-15
https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63	2025-08-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.291 < 5.4.297 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.291 < 5.4.297"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.235 < 5.10.241 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.235 < 5.10.241"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.179 < 5.15.190 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.179 < 5.15.190"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.131 < 6.1.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.131 < 6.1.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.83 < 6.6.102 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.83 < 6.6.102"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12.19 < 6.12.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12.19 < 6.12.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.14 < 6.15.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.14 < 6.15.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.14 < 6.16.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.14 < 6.16.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.14 < 6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.14 < 6.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.13.7 Search vendor "Linux" for product "Linux Kernel" and version "6.13.7"		en		Affected