{"api_version":"1","generated_at":"2026-07-13T03:00:45+00:00","cve":"CVE-2025-38735","urls":{"html":"https://cve.report/CVE-2025-38735","api":"https://cve.report/api/cve/CVE-2025-38735.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-38735","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-38735"},"summary":{"title":"gve: prevent ethtool ops after shutdown","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver.","state":"PUBLISHED","assigner":"Linux","published_at":"2025-09-05 18:15:42","updated_at":"2026-05-12 13:17:03"},"problem_types":["CWE-476"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/a7efffeecb881b4649fdc30de020ef910f35d646","name":"https://git.kernel.org/stable/c/a7efffeecb881b4649fdc30de020ef910f35d646","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","name":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ba51d73408edf815cbaeab148625576c2dd90192","name":"https://git.kernel.org/stable/c/ba51d73408edf815cbaeab148625576c2dd90192","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/48a4e89d50e8ea52e800bc7865970b92fcf4647c","name":"https://git.kernel.org/stable/c/48a4e89d50e8ea52e800bc7865970b92fcf4647c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9d8a41e9a4ff83ff666de811e7f012167cdc00e9","name":"https://git.kernel.org/stable/c/9d8a41e9a4ff83ff666de811e7f012167cdc00e9","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/75a9a46d67f46d608205888f9b34e315c1786345","name":"https://git.kernel.org/stable/c/75a9a46d67f46d608205888f9b34e315c1786345","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-38735","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38735","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 974365e518617c9ce917f61aacbba07e4bedcca0 48a4e89d50e8ea52e800bc7865970b92fcf4647c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 974365e518617c9ce917f61aacbba07e4bedcca0 ba51d73408edf815cbaeab148625576c2dd90192 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 974365e518617c9ce917f61aacbba07e4bedcca0 a7efffeecb881b4649fdc30de020ef910f35d646 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 974365e518617c9ce917f61aacbba07e4bedcca0 9d8a41e9a4ff83ff666de811e7f012167cdc00e9 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 974365e518617c9ce917f61aacbba07e4bedcca0 75a9a46d67f46d608205888f9b34e315c1786345 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.17","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.17 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.149 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.103 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.44 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.16.4 6.16.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.17 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC CN 4100","version":"affected V5.0 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"38735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-03T17:42:05.176Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC CN 4100","vendor":"Siemens","versions":[{"lessThan":"V5.0","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:06:01.502Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/ethernet/google/gve/gve_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"48a4e89d50e8ea52e800bc7865970b92fcf4647c","status":"affected","version":"974365e518617c9ce917f61aacbba07e4bedcca0","versionType":"git"},{"lessThan":"ba51d73408edf815cbaeab148625576c2dd90192","status":"affected","version":"974365e518617c9ce917f61aacbba07e4bedcca0","versionType":"git"},{"lessThan":"a7efffeecb881b4649fdc30de020ef910f35d646","status":"affected","version":"974365e518617c9ce917f61aacbba07e4bedcca0","versionType":"git"},{"lessThan":"9d8a41e9a4ff83ff666de811e7f012167cdc00e9","status":"affected","version":"974365e518617c9ce917f61aacbba07e4bedcca0","versionType":"git"},{"lessThan":"75a9a46d67f46d608205888f9b34e315c1786345","status":"affected","version":"974365e518617c9ce917f61aacbba07e4bedcca0","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/ethernet/google/gve/gve_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"5.17"},{"lessThan":"5.17","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.149","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.103","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.44","versionType":"semver"},{"lessThanOrEqual":"6.16.*","status":"unaffected","version":"6.16.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.17","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.149","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.103","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.44","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.16.4","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.17","versionStartIncluding":"5.17","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver."}],"providerMetadata":{"dateUpdated":"2026-05-11T21:33:58.379Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/48a4e89d50e8ea52e800bc7865970b92fcf4647c"},{"url":"https://git.kernel.org/stable/c/ba51d73408edf815cbaeab148625576c2dd90192"},{"url":"https://git.kernel.org/stable/c/a7efffeecb881b4649fdc30de020ef910f35d646"},{"url":"https://git.kernel.org/stable/c/9d8a41e9a4ff83ff666de811e7f012167cdc00e9"},{"url":"https://git.kernel.org/stable/c/75a9a46d67f46d608205888f9b34e315c1786345"}],"title":"gve: prevent ethtool ops after shutdown","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2025-38735","datePublished":"2025-09-05T17:20:35.459Z","dateReserved":"2025-04-16T04:51:24.034Z","dateUpdated":"2026-05-12T12:06:01.502Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-05 18:15:42","lastModifiedDate":"2026-05-12 13:17:03","problem_types":["CWE-476"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.149","matchCriteriaId":"17F234E1-F0D0-46C2-8468-EF468C6127D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.103","matchCriteriaId":"F2293654-7169-49B5-8D0D-EE51EF8B8E48"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.44","matchCriteriaId":"12351F24-1133-4775-960C-F2B47E81298B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.16.4","matchCriteriaId":"AFC28995-B8C3-4B68-8CB6-78E792B6629D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*","matchCriteriaId":"327D22EF-390B-454C-BD31-2ED23C998A1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*","matchCriteriaId":"C730CD9A-D969-4A8E-9522-162AAF7C0EE9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"38735","Ordinal":"1","Title":"gve: prevent ethtool ops after shutdown","CVE":"CVE-2025-38735","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"38735","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver.","Type":"Description","Title":"gve: prevent ethtool ops after shutdown"}]}}}