CVE-2025-38200 – A Linux kernel vulnerability in the i40e networ... (How to Fix)

Q: What is the severity of CVE-2025-38200?

CVE-2025-38200 has a CVSS score of 5.5 (MEDIUM). A Linux kernel vulnerability in the i40e network driver allows integer underflow when processing specific device input, leading to MMIO write access to invalid memory pages. This affects systems using Intel Ethernet 700 Series controllers with vulnerable kernel versions. Attackers with local access could potentially crash the system or execute arbitrary code.

📋 TL;DR

A Linux kernel vulnerability in the i40e network driver allows integer underflow when processing specific device input, leading to MMIO write access to invalid memory pages. This affects systems using Intel Ethernet 700 Series controllers with vulnerable kernel versions. Attackers with local access could potentially crash the system or execute arbitrary code.

💻 Affected Systems

Products:

Linux kernel with i40e driver

Versions: Kernel versions containing vulnerable i40e driver code (specific commit ranges in references)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Intel Ethernet 700 Series controllers using the i40e driver. Virtualized environments may be affected if using passthrough or SR-IOV.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to kernel compromise, system crash, or arbitrary code execution with kernel privileges.

🟠

Likely Case

Kernel panic or system crash causing denial of service, potentially requiring physical access to recover.

🟢

If Mitigated

Limited to denial of service if proper access controls prevent local user access to affected systems.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this to cause system instability or potentially gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to send specific input to the network device. Exploitation likely requires understanding of kernel memory layout and driver internals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 015bac5daca978448f2671478c553ce1f300c21e or later

Vendor Advisory: https://git.kernel.org/stable/c/015bac5daca978448f2671478c553ce1f300c21e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel. 4. Verify i40e driver version in kernel logs.

🔧 Temporary Workarounds

Disable i40e driver

linux

Blacklist or disable the i40e driver if not required

echo 'blacklist i40e' >> /etc/modprobe.d/blacklist.conf
rmmod i40e

Restrict device access

linux

Use device permissions to restrict access to network interface

chmod 600 /dev/mem
setfacl -m u:root:rw /sys/class/net/ethX/device/resource0

🧯 If You Can't Patch

Restrict local user access to systems with vulnerable drivers
Implement strict access controls and monitoring for systems using i40e drivers

🔍 How to Verify

Check if Vulnerable:

Check kernel version and i40e driver presence: 'uname -r' and 'lsmod | grep i40e'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commit: 'git log --oneline | grep 015bac5daca978448f2671478c553ce1f300c21e' or check kernel changelog

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
i40e driver errors in dmesg
System crash/panic logs

Network Indicators:

Sudden network interface disappearance
Unexpected network disruption on affected interfaces

SIEM Query:

source="kernel" AND ("i40e" OR "MMIO" OR "page fault")

📊 Metadata

CVE ID: CVE-2025-38200

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-191

EPSS Score: 0.02% exploit probability (3.9th percentile)

Published: July 4, 2025

Last Updated: December 18, 2025

🔗 References

https://git.kernel.org/stable/c/015bac5daca978448f2671478c553ce1f300c21e Patch
https://git.kernel.org/stable/c/2a1f4f2e36442a9bdf771acf6ee86f3cf876e5ca Patch
https://git.kernel.org/stable/c/3502dd42f178dae9d54696013386bb52b4f2e655 Patch
https://git.kernel.org/stable/c/5e75c9082987479e647c75ec8fdf18fa68263c42 Patch
https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193 Patch
https://git.kernel.org/stable/c/8cde755f56163281ec2c46b4ae8b61f532758a6f Patch
https://git.kernel.org/stable/c/d88a1e8f024ba26e19350958fecbf771a9960352 Patch
https://git.kernel.org/stable/c/fecb2fc3fc10c95724407cc45ea35af4a65cdde2 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38200, you might also want to check these: