CVE-2025-38387
published 2025-07-25CVE-2025-38387: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
The obj_event may be loaded immediately after inserted, then if the
list_head is not initialized then we may get a poisonous pointer. This
fixes the crash below:
mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)
mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056
mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0
mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps
IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060
Mem abort info:
ESR = 0x96000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000
[0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000
Internal error: Oops: 96000006 [#1] SMP
Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) m
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 716b555fc0580c2aa4c2c32ae4401c7e3ad9873e | 716b555fc0580c2aa4c2c32ae4401c7e3ad9873e |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 972e968aac0dce8fe8faad54f6106de576695d8e | 972e968aac0dce8fe8faad54f6106de576695d8e |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 00ed215f593876385451423924fe0358c556179c | 00ed215f593876385451423924fe0358c556179c |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 9a28377a96fb299c180dd9cf0be3b0a038a52d4e | 9a28377a96fb299c180dd9cf0be3b0a038a52d4e |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 23a3b32a274a8d6f33480d0eff436eb100981651 | 23a3b32a274a8d6f33480d0eff436eb100981651 |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 93fccfa71c66a4003b3d2fef3a38de7307e14a4e | 93fccfa71c66a4003b3d2fef3a38de7307e14a4e |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < e8069711139249994450c214cec152b917b959e0 | e8069711139249994450c214cec152b917b959e0 |
| linux | linux | >= 7597385371425febdaa8c6a1da3625d4ffff16f5 < 8edab8a72d67742f87e9dc2e2b0cdfddda5dc29a | 8edab8a72d67742f87e9dc2e2b0cdfddda5dc29a |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.11 < 5.15.187 | 5.15.187 |
| linux | linux_kernel | >= 5.16 < 6.1.144 | 6.1.144 |
| linux | linux_kernel | >= 5.3 < 5.4.296 | 5.4.296 |
| linux | linux_kernel | >= 5.5 < 5.10.240 | 5.10.240 |
| linux | linux_kernel | >= 6.13 < 6.15.6 | 6.15.6 |
| linux | linux_kernel | >= 6.2 < 6.6.97 | 6.6.97 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.6MEDIUM