PT-2025-35956 · Linux +1 · Linux Kernel +1
Published
2025-09-04
·
Updated
2025-09-04
·
CVE-2025-38683
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
**Name of the Vulnerable Software and Affected Versions:**
Linux kernel versions prior to 6.16.0-rc4+ #3
**Description:**
A flaw exists in the Linux kernel’s `hv netvsc` component where a panic can occur during namespace deletion with Virtual Functions (VF). The issue arises from moving a VF NIC to a new namespace during `NETDEV REGISTER` on a netvsc NIC. During namespace deletion, the `default device exit batch()` function, specifically `default device exit net()`, fails to detect the end of a list, leading to a NULL pointer dereference.
**Recommendations:**
Update to Linux kernel version 6.16.0-rc4+ #3 or a later version to resolve this issue.
Related Identifiers
CVE-2025-38683
Affected Products
Debian
Linux Kernel
References · 14
- https://security-tracker.debian.org/tracker/source-package/linux · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-38683 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38683 · Security Note
- https://security-tracker.debian.org/tracker/CVE-2025-38683 · Vendor Advisory
- https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318 · Note
- https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc · Note
- https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce · Note
- https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774 · Note
- https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234 · Note
- https://twitter.com/CVEnew/status/1963644659210559916 · Twitter Post
- https://packages.debian.org/src:linux · Note
- https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010 · Note
- https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b · Note
- https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c · Note