CVE-2025-38735
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's gve driver where an ethtool operation can be invoked after the shutdown() function has been called. During shutdown(), most internal data structures are torn down, but the device may still appear visible to userspace. If an ethtool operation is dispatched after shutdown(), it can dereference freed or NULL pointers, causing a kernel panic (crash). The issue arises because shutdown() stops DMA operations without fully unregistering the device, allowing ethtool operations to be called on an invalid device state.
How can this vulnerability impact me?
This vulnerability can cause a system crash (kernel panic) if an ethtool operation is performed after the device has been shut down. This can lead to system instability or downtime, especially in environments where forced shutdowns occur, such as on Google Cloud Platform virtual machines. The crash may disrupt services and require a system reboot to recover.
What immediate steps should I take to mitigate this vulnerability?
Apply the fix that calls netif_device_detach() in the shutdown() path for the gve driver. This marks the device as detached so that ethtool ioctl operations will be skipped after shutdown, preventing kernel panic. Avoid forced shutdowns that may trigger ethtool operations after shutdown. Ensure your Linux kernel is updated with this fix.
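The ordering problem and the effect of the detach call, as a userspace C model added here for illustration; it is not kernel or gve driver source. Every `model_*` name, the `present` flag and `MODEL_WOULD_PANIC` are hypothetical stand-ins for the behaviour described above.

```c
/* Userspace model only: all names are hypothetical, nothing here is kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_WOULD_PANIC (-1000)  /* stands in for the NULL dereference */

struct model_priv { int *rings; int nrings; };   /* driver-private state */
struct model_netdev { bool present; struct model_priv priv; };

static void model_probe(struct model_netdev *d) {
    d->present = true;
    d->priv.nrings = 4;
    d->priv.rings = calloc(4, sizeof(int));
}

/* Driver handler: written on the assumption that the rings still exist. */
static int model_get_ringparam(struct model_netdev *d) {
    if (!d->priv.rings)
        return MODEL_WOULD_PANIC;  /* a real handler would dereference here */
    return d->priv.nrings;
}

/* Core dispatch: the driver is skipped once the device is marked detached. */
static int model_ethtool_dispatch(struct model_netdev *d) {
    if (!d->present)
        return -ENODEV;
    return model_get_ringparam(d);
}

/* shutdown(): tears state down; 'detach' models calling netif_device_detach(). */
static void model_shutdown(struct model_netdev *d, bool detach) {
    if (detach)
        d->present = false;        /* mark detached before teardown */
    free(d->priv.rings);
    d->priv.rings = NULL;
}

/* Result of an ethtool call that arrives after shutdown(). */
static int ethtool_after_shutdown(bool detach) {
    struct model_netdev d;
    model_probe(&d);
    model_shutdown(&d, detach);
    return model_ethtool_dispatch(&d);
}

int main(void) {
    printf("without detach: %d\n", ethtool_after_shutdown(false));
    printf("with detach:    %d\n", ethtool_after_shutdown(true));
    return 0;
}
```

Without the detach step the late call reaches a handler whose state is gone; with it, the dispatch layer returns `-ENODEV` and the handler never runs.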