{"id":"CVE-2025-38683","summary":"hv_netvsc: Fix panic during namespace deletion with VF","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[  231.450246] #PF: supervisor read access in kernel mode\n[  231.450579] #PF: error_code(0x0000) - not-present page\n[  231.450916] PGD 17b8a8067 P4D 0\n[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[  231.452692] Workqueue: netns cleanup_net\n[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[  231.458434] Call Trace:\n[  231.458600]  \u003cTASK\u003e\n[  231.458777]  ops_undo_list+0x100/0x220\n[  231.459015]  cleanup_net+0x1b8/0x300\n[  231.459285]  process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it.","modified":"2026-03-20T12:42:58.495830Z","published":"2025-09-04T15:32:38.215Z","related":["MGASA-2025-0234","MGASA-2025-0235","SUSE-SU-2025:03600-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38683.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2a70cbd1aef8b8be39992ab7b776ce1390091774"},{"type":"WEB","url":"https://git.kernel.org/stable/c/33caa208dba6fa639e8a92fd0c8320b652e5550c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3467c4ebb334658c6fcf3eabb64a6e8b2135e010"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ca41ab55d23a0aa71661a5a56a8f06c11db90dc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4293f6c5ccf735b26afeb6825def14d830e0367b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4eff1e57a8ef98d70451b94e8437e458b27dd234"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5276896e6923ebe8c68573779d784aaf7d987cce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d036104947176d030bec64792d54e1b4f4c7f318"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38683.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38683"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3eb6aa870057da9f1304db660f68b9c2eb7e856d"},{"fixed":"3ca41ab55d23a0aa71661a5a56a8f06c11db90dc"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b7a396f76ada277d049558db648389456458af65"},{"fixed":"3467c4ebb334658c6fcf3eabb64a6e8b2135e010"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4faa6e3e66b3251eb4bf5761d2f3f0f14095aaca"},{"fixed":"4eff1e57a8ef98d70451b94e8437e458b27dd234"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"62c85b9a0dd7471a362170323e1211ad98ff7b4b"},{"fixed":"2a70cbd1aef8b8be39992ab7b776ce1390091774"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4c262801ea60c518b5bebc22a09f5b78b3147da2"},{"fixed":"d036104947176d030bec64792d54e1b4f4c7f318"},{"fixed":"5276896e6923ebe8c68573779d784aaf7d987cce"},{"fixed":"4293f6c5ccf735b26afeb6825def14d830e0367b"},{"fixed":"33caa208dba6fa639e8a92fd0c8320b652e5550c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"7abd221a55a61b6b2bf0e80f850bfc0ae75c7e01"},{"last_affected":"31a38a908c98aebc7a1104dab5f1ba199f234b7b"},{"last_affected":"04d748d4bd2d86739b159563f257e3dc5492c88d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38683.json"}}],"schema_version":"1.7.5"}