CVE-2025-21892Race Condition in Linux

CWE-362Race ConditionCWE-221Information Loss or Omission40 documents7 sources
Severity
4.7MEDIUMNVD
OSV5.5
EPSS
0.0%
top 95.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedMar 27
Latest updateOct 15

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace [1]. During recovery, before transitioning the QP to the RESET state, the software must wait for all outstanding WRs to complete. Failing to do so can cause the firmware to skip sending some flushed CQEs with errors and simply discard them upon the

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages15 packages

NVDlinux/linux_kernel5.19.106.12.18+2
Debianlinux/linux_kernel< 6.12.19-1+1
Ubuntulinux/linux_kernel< 6.8.0-84.84

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

19
OSV
linux-oracle-6.8 vulnerabilities2025-10-15
OSV
linux-azure-nvidia vulnerabilities2025-10-08
OSV
linux-oracle vulnerabilities2025-10-06
OSV
linux-azure, linux-azure-6.8 vulnerabilities2025-10-02
OSV
linux-raspi-realtime vulnerabilities2025-10-02

📋Vendor Advisories

20
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-15
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-06
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-10-02
Ubuntu
Linux kernel (HWE) vulnerabilities2025-10-02