PatchSiren cyber security CVE debrief
CVE-2025-38683 Cert Portal CVE debrief
CVE-2025-38683 describes a Linux kernel panic in the hv_netvsc networking path when a VF is moved back to the default namespace during network-namespace deletion. The supplied advisory text says the list of network devices can be modified while default_device_exit_net() is iterating, leading to a NULL pointer dereference and system crash. The stated fix is to defer the namespace change to a workqueue and use rtnl_lock so the netdev list is not changed while it is being walked. The source corpus associates the advisory with Siemens SIMATIC CN 4100 versions earlier than 5.0, but the vulnerability narrative itself is clearly about Linux kernel Hyper-V virtual networking behavior. That product attribution should be treated cautiously and verified against the vendor advisory before operational decisions are made.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- MEDIUM 5.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Operators and administrators running Linux guests or appliances that use Hyper-V virtual networking with VF support, especially environments covered by the Siemens advisory mapping and any systems that may be exposed to namespace deletion events.
Technical summary
The issue occurs in hv_netvsc when NETDEV_REGISTER handling can move a VF NIC between namespaces. During namespace teardown, default_device_exit_net() walks net devices with for_each_netdev_safe(); if the netvsc NIC is re-registered and pulls the VF back into the default namespace mid-iteration, the loop can lose track of the list end and dereference NULL. The advisory states the remediation is to move the namespace-change logic to a workqueue and hold rtnl_lock to prevent concurrent netdev list mutation.
Defensive priority
Medium. The CVSS score is 5.2, but the impact is a kernel panic and service interruption in affected virtualized networking setups, so validation and patching should not be delayed on exposed systems.
Recommended defensive actions
- Apply the vendor remediation and update to version 5.0 or later, as specified in the advisory.
- Verify whether affected systems actually use the Hyper-V VF/netvsc namespace path described in the advisory before prioritizing rollout.
- Review Linux kernel and appliance patch levels on any systems matching the advisory scope, and schedule maintenance to eliminate the crash condition.
- Track vendor and CISA advisory updates for any scope or product-mapping corrections.
- If this advisory applies to your environment, test the update in a controlled maintenance window to confirm namespace deletion no longer triggers a panic.
Evidence notes
The supplied source item (ICSA-26-134-10, published 2026-05-12 and republished 2026-05-14) explicitly describes the hv_netvsc panic condition, the NULL pointer dereference, and the fix approach using a workqueue plus rtnl_lock. The same corpus also maps the advisory to Siemens SIMATIC CN 4100 versions earlier than 5.0, but that mapping has low confidence in the provided metadata and should be reviewed because the narrative is kernel-specific. No KEV listing is present in the supplied data.
Official resources
-
CVE-2025-38683 CVE record
CVE.org
-
CVE-2025-38683 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2025-38683 was published in the supplied source corpus on 2026-05-12 and modified/republished on 2026-05-14. The supplied data does not indicate a CISA KEV entry.