CVE-2025-21751Use After Free in Linux

CWE-416Use After Free6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 78.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedFeb 27

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, which continues running the calling function and eventually frees the matcher that is being disconnected. This leads to a case where we have a freed matcher on the matchers list, which in turn leads to use-after-free and e

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel< 6.13.3
Debianlinux/linux_kernel< 6.12.48-1+1
CVEListV5linux/linux472dd792348f6601ccaa97d5626ee4faff8919015682aad0276ff9b9b0eff3188eb6a1f504d6b436+3
debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-6cpx-w2cg-qmgr: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware2025-02-27
OSV
CVE-2025-21751: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware fa2025-02-27

📋Vendor Advisories

3
Red Hat
kernel: net/mlx5: HWS, change error flow on matcher disconnect2025-02-27
Microsoft
net/mlx5: HWS, change error flow on matcher disconnect2025-02-11
Debian
CVE-2025-21751: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: H...2025
CVE-2025-21751 — Use After Free in Linux | cvebase