CVE-2025-38385

7.8 HIGH

📋 TL;DR

This CVE describes a kernel warning triggered during USB device disconnection in the Linux kernel's lan78xx network driver. The vulnerability occurs when netif_napi_del() is called while NAPI is still enabled, causing a warning but not allowing exploitation. Systems using affected Linux kernel versions with lan78xx USB network adapters are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated, but references indicate fixes in stable kernel trees
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using lan78xx USB network adapters; requires specific hardware/driver combination

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel warning/panic leading to system instability or denial of service during USB network device disconnection
🟠 Likely Case: Warning messages in kernel logs during USB network device removal, potentially causing minor system instability
🟢 If Mitigated: No impact beyond warning messages in logs if proper kernel configurations are in place

🌐 Internet-Facing: LOW - Requires physical or local USB device access, not remotely exploitable
🏢 Internal Only: LOW - Requires physical USB device disconnection or driver interaction

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

This is a kernel warning/panic issue, not a traditional security vulnerability; exploitation requires physical USB device manipulation or driver interaction

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/17a37b9a5dd945d86110838fb471e7139ba993a2

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Reboot system
3. Verify kernel version matches patched release

🔧 Temporary Workarounds

Avoid lan78xx USB device disconnection

linux

Prevent triggering the condition by avoiding hot-unplug of lan78xx USB network adapters

Blacklist lan78xx driver

linux

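Prevent the vulnerable driver module from loading. lan78xx adapters will not work while the module is blacklisted. The commands below use update-initramfs, the Debian/Ubuntu tool for rebuilding the initramfs; other distributions use their own tool for that step.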

echo 'blacklist lan78xx' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Monitor kernel logs for warning messages and investigate any system instability
  • Avoid using lan78xx USB network adapters or implement strict USB device policy

🔍 How to Verify

Check if Vulnerable:

Check kernel logs for 'WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked' messages during USB network device disconnection

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits; test USB network adapter disconnection while monitoring kernel logs

📡 Detection & Monitoring

Log Indicators:

  • WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked
  • lan78xx_disconnect+0xf4/0x360 in stack trace
  • Kernel panic messages following USB device removal

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

source="kernel" AND "__netif_napi_del_locked" AND "lan78xx"
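
The two log indicators above appear on different lines of the same kernel trace, so a per-line match on both strings misses them when each log line is ingested as a separate event. The following is an added example, not part of the original advisory: a shell filter that reports a hit only when the `__netif_napi_del_locked` warning and `lan78xx_disconnect` occur inside one trace. The function names and every sample log line other than the two strings quoted in the advisory are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log. Only the WARNING text and the lan78xx_disconnect
# frame come from the advisory; all other lines are made up for the example.
sample_log() {
cat <<'EOF'
[  101.000001] usb 1-1: USB disconnect, device number 2
[  101.000110] WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked
[  101.000150] Call trace:
[  101.000170]  lan78xx_disconnect+0xf4/0x360
[  101.000180]  usb_unbind_interface+0xc8/0x2a0
[  101.000190] ---[ end trace 0000000000000000 ]---
[  205.000010] WARNING: CPU: 1 PID: 42 at net/core/dev.c:7417 __netif_napi_del_locked
[  205.000020] Call trace:
[  205.000030]  other_driver_remove+0x10/0x20
[  205.000040] ---[ end trace 0000000000000000 ]---
[  300.000001] lan78xx 1-1:1.0 eth1: Link is Down
EOF
}

# Read kernel log text on stdin and print the WARNING header of every trace
# that also contains the lan78xx disconnect path.
find_lan78xx_napi_warn() {
    awk '
        # A WARNING header naming the NAPI delete path opens a candidate trace.
        # Match the symbol rather than dev.c:7417: line numbers vary by build.
        /WARNING:/ && /__netif_napi_del_locked/ { in_trace = 1; header = $0; next }
        # Any other WARNING header, or the end-of-trace marker, closes it.
        /WARNING:/ || /---\[ end trace/ { in_trace = 0; next }
        # Report the trace only if the lan78xx disconnect frame is inside it.
        in_trace && /lan78xx_disconnect/ { print header; in_trace = 0 }
    '
}

# Number of matching traces in the log text on stdin.
count_lan78xx_napi_warn() {
    find_lan78xx_napi_warn | wc -l | tr -d ' '
}

# On a live system, feed it the kernel log instead of the sample:
#   dmesg | find_lan78xx_napi_warn
#   journalctl -k | find_lan78xx_napi_warn
sample_log | find_lan78xx_napi_warn
```

In the sample, the second trace and the trailing link message together contain both search strings but are not reported, because they do not belong to a single lan78xx disconnect trace.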
