CVE-2025-38270 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll. Make sure we don't call napi_complete() from it, since it may not be scheduled. Breno reports hitting a warning in napi_complete_done(): WARNING: CPU: 14 PID: 104 at net/core/dev.c:6592 napi_complete_done+0x2cc/0x560 __napi_poll+0x2d8/0x3a0 handle_softirqs+0x1fe/0x710 This is presumably after netpoll stole the SCHED bit prematurely.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1264971017b4d7141352a7fe29021bdfce5d885d
https://git.kernel.org/stable/c/6837dd877270c57689bd866de9f3de14172c2439
https://git.kernel.org/stable/c/a8ff2e362d901200a1075c3ca9c56d9c7bbef389
https://lore.kernel.org/linux-cve-announce/2025071008-CVE-2025-38270-c7b0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38270
https://www.cve.org/CVERecord?id=CVE-2025-38270

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00017}`	epss `{'score': 0.00022}`

Fri, 11 Jul 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025071008-CVE-2025-38270-c7b0@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38270 https://www.cve.org/CVERecord?id=CVE-2025-38270
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Thu, 10 Jul 2025 08:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll. Make sure we don't call napi_complete() from it, since it may not be scheduled. Breno reports hitting a warning in napi_complete_done(): WARNING: CPU: 14 PID: 104 at net/core/dev.c:6592 napi_complete_done+0x2cc/0x560 __napi_poll+0x2d8/0x3a0 handle_softirqs+0x1fe/0x710 This is presumably after netpoll stole the SCHED bit prematurely.
Title		net: drv: netdevsim: don't napi_complete() from netpoll
References		https://git.kernel.org/stable/c/1264971017b4d7141352a7fe29021bdfce5d885d https://git.kernel.org/stable/c/6837dd877270c57689bd866de9f3de14172c2439 https://git.kernel.org/stable/c/a8ff2e362d901200a1075c3ca9c56d9c7bbef389

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-10T07:41:52.475Z

Updated: 2025-07-28T04:16:51.162Z

Reserved: 2025-04-16T04:51:23.998Z

Link: CVE-2025-38270

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-10T08:15:25.197

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-38270

Redhat

Severity : Moderate

Publid Date: 2025-07-10T00:00:00Z

Links: CVE-2025-38270 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object