Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local trigger via VF initialization requires low OS privilege; only availability impact (kernel panic); no confidentiality or integrity exposure; conditions are non-default but mechanistically simple.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Use pci_name() for debugfs directory naming
Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues:
- pci_slot_name() dereferences pdev->slot, which can be NULL for VFs
in environments like generic VFIO passthrough or nested KVM, causing a NULL pointer dereference.
- Multiple PFs would all use "0", and VFs across different PCI
domains or buses could share the same slot name, leading to -EEXIST errors from debugfs_create_dir().
pci_name(pdev) returns the unique BDF address, is always valid, and is unique across the system.
AnalysisAI
NULL pointer dereference in the Linux kernel MANA (Microsoft Azure Network Adapter) driver crashes the host kernel when initializing Virtual Function (VF) devices in VFIO passthrough or nested KVM environments where pdev->slot is unpopulated. Systems running affected kernel versions in Azure-style or nested virtualization deployments face deterministic kernel panics and total availability loss on the host. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target Linux host to have the MANA driver loaded (`net/mana`) and a MANA Virtual Function (VF) device being initialized or probed while operating in a VFIO passthrough or nested KVM environment where `pdev->slot` is NULL. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, score 5.5) accurately characterizes this as a local, low-complexity, low-privilege denial-of-service with no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An operator or low-privilege local process on a Linux host with MANA VF devices configured for VFIO passthrough or nested KVM triggers VF device probe or re-initialization; the kernel calls `pci_slot_name(pdev->slot)` with a NULL `pdev->slot`, immediately causing a kernel NULL pointer dereference and host system panic. In a cloud multi-tenant scenario, a guest VM operator initiating MANA VF attachment in a nested virtualization stack could crash the underlying host, causing availability impact to co-hosted workloads. … |
| Remediation | Apply the upstream stable-kernel patches: the fix commits 34dbd7b819544c99c9d96b400fe4db613f40ac4b, 9211eb97e8f8c28bf9313ab97862d143dbbbef97, and c116f07ab9d22bb6f355f3cf9e44c1e6a47fe559 are available at git.kernel.org. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39859
GHSA-78w3-3c52-99hr