LiveActive security incident?Get immediate response
CVE Record

CVE-2025-38569: benet: fix BUG when creating VFs

In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: <TASK> __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0 be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue can crash a system when SR-IOV virtual functions are created for the affected benet/be2net path. The business impact is mainly availability for hosts using this driver and SR-IOV. There is no cited evidence of active exploitation, and no CVSS score is provided.

Executive priority

Prioritize patching virtualization or network hosts that use SR-IOV with the affected Linux driver path. This is not currently evidenced as internet-exploited, but it can cause host instability where the affected configuration exists.

Technical view

The bug is in Linux kernel benet/be2net VF setup. be_cmd_set_mac_list() called dma_free_coherent() while under spin_lock_bh, leading to a kernel BUG in vunmap during SR-IOV VF creation. Stable kernel commits move the free operation until after the lock is released.

Likely exposure

Exposure appears limited to Linux systems on affected kernel versions where the benet/be2net driver path is present and SR-IOV VFs are created. Systems not using this driver or SR-IOV are less likely to encounter the crash based on the provided evidence.

Exploitation context

The source describes a reproducible kernel crash during VF creation, not a remote exploit. KEV is false, and the provided sources do not report active exploitation or public weaponization. Triggering appears tied to SR-IOV configuration activity on an affected host.

Researcher notes

The evidence supports an availability bug caused by freeing coherent DMA memory while a spin lock is held. The affected-version data is kernel-version and commit based. No CWE, CVSS vector, proof of exploitation, or non-Linux affected product evidence is provided.

Mitigation direction

  • Update to a kernel release containing the stable fix for CVE-2025-38569.
  • Review Debian LTS advisories if running Debian-packaged kernels.
  • Check vendor kernel guidance for downstream fixed package versions.
  • Avoid creating SR-IOV VFs on affected hosts until patched, where operationally feasible.

Validation and detection

  • Inventory Linux kernel versions against the affected and fixed versions in the CVE record.
  • Identify hosts using SR-IOV with the benet/be2net driver path.
  • Confirm the applicable stable commit or downstream package fix is installed.
  • Review kernel logs for BUG/Oops traces involving be2net, vunmap, or VF setup.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2025-38569 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
12Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux797bb9439c0489bbea4b8808297ec7a569098667, 7cfae8627511361f90a1a22dfae556c3fbc5bd8d, 671aaa17bd3153e25526934f92307169ce927b5e, 4393452e6c0c027971ec9bcc9557f52e63db3f0a, 41d731e7920387ea13e2fb440a1e235686faeeb9, fd1ef3b1bdd3fec683ebd19eb3acc6a2cb60b5c6, 1a82d19ca2d6835904ee71e2d40fd331098f94a0, 1a82d19ca2d6835904ee71e2d40fd331098f94a0, 1a82d19ca2d6835904ee71e2d40fd331098f94a0, 227a829c9067bf03b1967e7e0b1a6777fd57edef, 5.4.291, 5.10.235, 5.15.179, 6.1.131, 6.6.83, 6.12.19, 6.13.7unaffected
LinuxLinux6.14, 0, 5.4.297, 5.10.241, 5.15.190, 6.1.148, 6.6.102, 6.12.42, 6.15.10, 6.16.1, 6.17affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.