This bug was fixed in the package linux-azure - 6.8.0-1040.46
---------------
linux-azure (6.8.0-1040.46) noble; urgency=medium
* noble/linux-azure: 6.8.0-1040.46 -proposed tracker (LP: #2125522)
* azure: backport "cifs: fix pagecache leak when do writepages"
(LP: #2122719)
- cifs: fix pagecache leak when do writepages
* azure: backport "hv_netvsc: Fix panic during namespace deletion with VF"
(LP: #2120803)
- hv_netvsc: Fix panic during namespace deletion with VF
* azure: backport various SMB multichannel fixes (LP: #2118807)
- cifs: reset connections for all channels when reconnect requested
- cifs: update dstaddr whenever channel iface is updated
- cifs: dns resolution is needed only for primary channel
- cifs: deal with the channel loading lag while picking channels
- cifs: serialize other channels when query server interfaces is pending
- cifs: do not disable interface polling on failure
- smb: client: fix potential deadlock when reconnecting channels
- smb: client: fix warning when reconnecting channel
* net: mana: Use page pool fragments for RX buffers instead of full pages to
improve memory efficiency (LP: #2121570)
- net: mana: Use page pool fragments for RX buffers instead of full pages
to improve memory efficiency.
linux-azure (6.8.0-1039.45) noble; urgency=medium
* noble/linux-azure: 6.8.0-1039.45 -proposed tracker (LP: #2125074)
[ Ubuntu: 6.8.0-85.85 ]
* noble/linux: 6.8.0-85.85 -proposed tracker (LP: #2125109)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* CVE-2025-38500
- xfrm: interface: fix use-after-free after changing collect_md xfrm
interface
* TLS socket disconnection causes various issues (LP: #2120516) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
-- John Cabaj <[email protected]> Tue, 23 Sep 2025 14:23:09
-0500
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/2120803
Title:
azure: backport "hv_netvsc: Fix panic during namespace deletion with
VF"
Status in linux-azure package in Ubuntu:
In Progress
Status in linux-azure-5.15 package in Ubuntu:
New
Status in linux-azure source package in Focal:
Fix Committed
Status in linux-azure-5.15 source package in Focal:
Fix Committed
Status in linux-azure source package in Jammy:
Fix Released
Status in linux-azure source package in Noble:
Fix Released
Status in linux-azure source package in Plucky:
Fix Released
Bug description:
BugLink: https://bugs.launchpad.net/bugs/2120803
[Impact]
Microsoft has reported that the following upstream commit:
4c262801ea60 ("hv_netvsc: Fix VF namespace also in synthetic NIC
NETDEV_REGISTER event")
introduced a race condition in the hv_netvsc driver that can lead to a
null pointer dereference and subsequent kernel panic during a namespace
change:
[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0
[ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 231.450246] #PF: supervisor read access in kernel mode
[ 231.450579] #PF: error_code(0x0000) - not-present page
[ 231.450916] PGD 17b8a8067 P4D 0
[ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI
[ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted
6.16.0-rc4+ #3 VOLUNTARY
[ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual
Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024
[ 231.452692] Workqueue: netns cleanup_net
[ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0
[ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd
ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50
10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00
[ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246
[ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX:
61c8864680b583eb
[ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI:
0000000030766564
[ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09:
0000000000000000
[ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12:
ff1fa9f70088e340
[ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15:
ff1fa9f7103e6340
[ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000)
knlGS:0000000000000000
[ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4:
0000000000b73ef0
[ 231.458434] Call Trace:
[ 231.458600] <TASK>
[ 231.458777] ops_undo_list+0x100/0x220
[ 231.459015] cleanup_net+0x1b8/0x300
[ 231.459285] process_one_work+0x184/0x340
[Fix]
Backport the following upstream fix commit:
33caa208dba6 ("hv_netvsc: Fix panic during namespace deletion with
VF")
to the linux-azure trees for all affected releases.
- Plucky, Noble, Jammy: clean cherry-picks
- Focal: simple backport due to a context conflict
[Test plan]
Compile-tested only; Microsoft will perform further validation.
[Where problems could occur]
Any issues here could lead to hangs or crashes during namespace change
operations for NICs within Hyper-V (particularly MANA NICs).
[Other info]
SF #00416493
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2120803/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
