Wind River Support Network

Acknowledged

LIN1024-11103 : Security Advisory - linux - CVE-2025-38735

Created: Sep 7, 2025    Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: prevent ethtool ops after shutdown

A crash can occur if an ethtool operation is invoked after shutdown() is called.

shutdown() is invoked during system shutdown to stop DMA operations without performing expensive deallocations. It is discouraged to unregister the netdev in this path, so the device may still be visible to userspace and kernel helpers.

In gve, shutdown() tears down most internal data structures. If an ethtool operation is dispatched after shutdown(), it will dereference freed or NULL pointers, leading to a kernel panic. While graceful shutdown normally quiesces userspace before invoking the reboot syscall, forced shutdowns (as observed on GCP VMs) can still trigger this path.

Fix by calling netif_device_detach() in shutdown(). This marks the device as detached so the ethtool ioctl handler will skip dispatching operations to the driver.
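
The fix described above, as a user-space C model added here for illustration; it is not Wind River, gve or kernel code, and every `model_*` name is hypothetical. It shows why marking the device detached in shutdown() keeps a later ethtool request away from driver state that has already been torn down.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name here is hypothetical, not gve or kernel code. */
struct model_rings { int num_rx, num_tx; };
struct model_netdev {
    bool present;              /* models the "device present" state */
    struct model_rings *rings; /* driver state that shutdown() tears down */
};

struct model_netdev *model_netdev_new(int rx, int tx) {
    struct model_netdev *dev = malloc(sizeof(*dev));
    struct model_rings *rings = malloc(sizeof(*rings));
    if (!dev || !rings) { free(dev); free(rings); return NULL; }
    rings->num_rx = rx; rings->num_tx = tx;
    dev->present = true; dev->rings = rings;
    return dev;
}

/* True when a dispatch would reach the driver op with torn-down state. */
bool model_reaches_freed_state(const struct model_netdev *dev) {
    return dev->present && dev->rings == NULL;
}

/* Models the ethtool entry point: a detached device is never dispatched. */
int model_ethtool_dispatch(const struct model_netdev *dev) {
    if (!dev->present) return -ENODEV;
    return dev->rings->num_rx + dev->rings->num_tx; /* driver op trusts rings */
}

/* Models shutdown(): state is torn down but the netdev stays registered. */
void model_shutdown(struct model_netdev *dev, bool with_fix) {
    if (with_fix) dev->present = false; /* stands in for netif_device_detach() */
    free(dev->rings);
    dev->rings = NULL;
}

int main(void) {
    struct model_netdev *dev = model_netdev_new(4, 4);
    if (!dev) return 1;
    printf("before shutdown: %d\n", model_ethtool_dispatch(dev));
    model_shutdown(dev, true);
    printf("after shutdown:  %d\n", model_ethtool_dispatch(dev));
    free(dev);
    return 0;
}
```

With `with_fix` set to false the model leaves `present` true and `rings` NULL, which is the state in which the advisory's crash occurs; `model_reaches_freed_state()` reports that condition without performing the dereference.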

CREATE(Triage):(User=admin) [CVE-2025-38735 (https://nvd.nist.gov/vuln/detail/CVE-2025-38735)]