In the Linux kernel, the following vulnerability has been resolved:
benet: fix BUG when creating VFs
benet crashes as soon as SRIOV VFs are created:
kernel BUG at mm/vmalloc.c:3457!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)
[...]
RIP: 0010:vunmap+0x5f/0x70
[...]
Call Trace:
<TASK>
__iommu_dma_free+0xe8/0x1c0
be_cmd_set_mac_list+0x3fe/0x640 [be2net]
be_cmd_set_mac+0xaf/0x110 [be2net]
be_vf_eth_addr_config+0x19f/0x330 [be2net]
be_vf_setup+0x4f7/0x990 [be2net]
be_pci_sriov_configure+0x3a1/0x470 [be2net]
sriov_numvfs_store+0x20b/0x380
kernfs_fop_write_iter+0x354/0x530
vfs_write+0x9b9/0xf60
ksys_write+0xf3/0x1d0
do_syscall_64+0x8c/0x3d0
be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.
Fix it by freeing only after the lock has been released.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can crash a system when SR-IOV virtual functions are created for the affected benet/be2net path. The business impact is mainly availability for hosts using this driver and SR-IOV. There is no cited evidence of active exploitation, and no CVSS score is provided.
Executive priority
Prioritize patching virtualization or network hosts that use SR-IOV with the affected Linux driver path. This is not currently evidenced as internet-exploited, but it can cause host instability where the affected configuration exists.
Technical view
The bug is in Linux kernel benet/be2net VF setup. be_cmd_set_mac_list() called dma_free_coherent() while under spin_lock_bh, leading to a kernel BUG in vunmap during SR-IOV VF creation. Stable kernel commits move the free operation until after the lock is released.
Likely exposure
Exposure appears limited to Linux systems on affected kernel versions where the benet/be2net driver path is present and SR-IOV VFs are created. Systems not using this driver or SR-IOV are less likely to encounter the crash based on the provided evidence.
Exploitation context
The source describes a reproducible kernel crash during VF creation, not a remote exploit. KEV is false, and the provided sources do not report active exploitation or public weaponization. Triggering appears tied to SR-IOV configuration activity on an affected host.
Researcher notes
The evidence supports an availability bug caused by freeing coherent DMA memory while a spin lock is held. The affected-version data is kernel-version and commit based. No CWE, CVSS vector, proof of exploitation, or non-Linux affected product evidence is provided.
Mitigation direction
Update to a kernel release containing the stable fix for CVE-2025-38569.
Review Debian LTS advisories if running Debian-packaged kernels.
Check vendor kernel guidance for downstream fixed package versions.
Avoid creating SR-IOV VFs on affected hosts until patched, where operationally feasible.
Validation and detection
Inventory Linux kernel versions against the affected and fixed versions in the CVE record.
Identify hosts using SR-IOV with the benet/be2net driver path.
Confirm the applicable stable commit or downstream package fix is installed.
Review kernel logs for BUG/Oops traces involving be2net, vunmap, or VF setup.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2025-38569 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
12Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Aug 19, 2025, 17:02 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.