CVE-2025-38735

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 05/09/2025
Last modified: 08/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: prevent ethtool ops after shutdown

A crash can occur if an ethtool operation is invoked after shutdown() is called.

shutdown() is invoked during system shutdown to stop DMA operations without performing expensive deallocations. It is discouraged to unregister the netdev in this path, so the device may still be visible to userspace and kernel helpers.

In gve, shutdown() tears down most internal data structures. If an ethtool operation is dispatched after shutdown(), it will dereference freed or NULL pointers, leading to a kernel panic. While graceful shutdown normally quiesces userspace before invoking the reboot syscall, forced shutdowns (as observed on GCP VMs) can still trigger this path.

Fix by calling netif_device_detach() in shutdown(). This marks the device as detached so the ethtool ioctl handler will skip dispatching operations to the driver.
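A simplified userspace model of the guard described above, added here as an illustration; it is not gve or kernel code, and every `model_*` name and the 1024 ring size are constructed. `-EFAULT` stands in for the NULL dereference so the unfixed path can be observed without crashing.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only: every model_* name is hypothetical, not gve or kernel code. */
struct model_netdev {
    int present;               /* models the "device present" state */
    unsigned int *ring_sizes;  /* driver-private state dropped by shutdown() */
};

static unsigned int model_rings[1] = { 1024 }; /* constructed sample value */

static void model_open(struct model_netdev *dev)
{
    *dev = (struct model_netdev){ .present = 1, .ring_sizes = model_rings };
}

/* Driver ethtool op: trusts its private state, as the description says. */
static int model_get_ring_size(struct model_netdev *dev, unsigned int *out)
{
    if (!dev->ring_sizes)
        return -EFAULT; /* stand-in: the real op would dereference NULL here */
    *out = dev->ring_sizes[0];
    return 0;
}

/* Core dispatcher: skips the driver when the device is marked detached. */
static int model_ethtool_dispatch(struct model_netdev *dev, unsigned int *out)
{
    return dev->present ? model_get_ring_size(dev, out) : -ENODEV;
}

/* shutdown(): drops driver state but leaves the netdev registered. */
static void model_shutdown(struct model_netdev *dev, int detach_first)
{
    if (detach_first)
        dev->present = 0; /* models netif_device_detach() */
    dev->ring_sizes = NULL;
}

int main(void)
{
    struct model_netdev dev;
    unsigned int v = 0;
    for (int fixed = 0; fixed <= 1; fixed++) {
        model_open(&dev);
        model_shutdown(&dev, fixed);
        printf("detach=%d rc=%d\n", fixed, model_ethtool_dispatch(&dev, &v));
    }
    return 0;
}
```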

Impact