CVE-2025-38122

5.5 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's gve driver for Google Virtual Ethernet. When the gve_alloc_pending_packet() function fails to allocate memory and returns NULL, the gve_tx_add_skb_dqo() function dereferences this NULL pointer, potentially causing a kernel panic or system crash. This affects systems running vulnerable Linux kernel versions with the gve driver enabled.

💻 Affected Systems

Products:
  • Linux kernel with gve (Google Virtual Ethernet) driver
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if gve driver is compiled and loaded. Common in Google Cloud environments using gve networking.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel panic when the driver fails to allocate memory during network transmission operations.

🟢

If Mitigated

Minor performance impact or packet loss when memory allocation fails, but system remains stable.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific driver operations; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be triggered by local users or processes causing memory pressure on systems with gve driver.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger memory allocation failures in the gve driver, typically through local access or resource exhaustion attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (12c331b29c7397ac3b03584e12902990693bc248 and others listed)

Vendor Advisory: https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable gve driver

linux

Remove or blacklist the gve driver if not required for system functionality

echo 'blacklist gve' >> /etc/modprobe.d/blacklist.conf
rmmod gve

Limit memory pressure

linux

Configure system to prevent memory exhaustion scenarios

sysctl -w vm.overcommit_memory=2
sysctl -w vm.overcommit_ratio=80

🧯 If You Can't Patch

  • Monitor system memory usage and ensure adequate available memory
  • Implement process limits to prevent memory exhaustion attacks

🔍 How to Verify

Check if Vulnerable:

Check if gve driver is loaded: lsmod | grep gve. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check dmesg for gve-related crashes after patch.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • NULL pointer dereference errors mentioning gve_tx_add_skb_dqo

Network Indicators:

  • Sudden loss of network connectivity on interfaces using gve driver

SIEM Query:

source="kernel" AND ("gve" OR "NULL pointer dereference")
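
The log and module checks above as a script, added here as an example (not from the advisory or the kernel project). It counts an oops only when a NULL-dereference banner and gve_tx_add_skb_dqo appear in the same trace; the function names, the 60-line window and the sample log lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: match this CVE's crash signature in kernel log text.
# A hit requires a NULL-dereference banner AND gve_tx_add_skb_dqo within the
# same oops, which avoids the noise of a bare "gve" OR "NULL pointer" search.

# Print the number of matching oopses found in kernel log text on stdin.
count_gve_null_oops() {
  awk '
    /NULL pointer dereference/ { left = 60; hit = 0; next }  # oops banner
    left > 0 {
      left--
      if (/---\[ end trace/) { left = 0; next }      # oops finished
      if (!hit && /gve_tx_add_skb_dqo/) { hit = 1; n++ }
    }
    END { print n + 0 }
  '
}

# Succeed if the gve module is listed in a /proc/modules-format file.
gve_loaded() {
  grep -q '^gve ' "${1:-/proc/modules}"
}

# Constructed sample (addresses, offsets and timestamps are made up):
# one gve oops, one benign gve message, one unrelated NULL dereference.
SAMPLE_LOG='[  812.104511] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  812.104519] #PF: supervisor read access in kernel mode
[  812.104533] RIP: 0010:gve_tx_add_skb_dqo+0x1a4/0x5d0 [gve]
[  812.104561] Call Trace:
[  812.104570]  gve_tx_add_skb_dqo+0x1a4/0x5d0 [gve]
[  812.104602] ---[ end trace 0000000000000000 ]---
[  990.000120] gve 0000:00:04.0 eth0: Device link is up.
[ 1400.221004] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1400.221019] RIP: 0010:example_other_driver_xmit+0x20/0x90 [example]
[ 1400.221040] ---[ end trace 0000000000000000 ]---'

printf 'matching oopses in sample: %s\n' \
  "$(printf '%s\n' "$SAMPLE_LOG" | count_gve_null_oops)"
```

On a live host, feed it `dmesg` or `journalctl -k` output, and call `gve_loaded` with no argument to check /proc/modules.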
