CVE-2025-68790Signal Handler Race Condition in Linux

CWE-364Signal Handler Race Condition7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 13

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in device's private data after unregistering it in LAG teardown. Otherwise a slightly lagging second pass through mlx5_unload_one() might try to unregister it again and trip over use-after-free. On s390 almost all PCI level recovery events trigger two passes through mxl5_unload_one() - one through the poll_health() method and one through mlx5_pci_err

Affected Packages3 packages

Linuxlinux/linux_kernel6.18.06.18.3
CVEListV5linux/linux5a977b5833b7a261bfa6094595ffa73c1071588cd2495f529d60e8e8c43e6ad524089c38b8be7bc4+2
debiandebian/linux

🔴Vulnerability Details

3
OSV
net/mlx5: Fix double unregister of HCA_PORTS component2026-01-13
GHSA
GHSA-r4v9-6rcf-whc8: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in2026-01-13
OSV
CVE-2025-68790: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in de2026-01-13

📋Vendor Advisories

2
Red Hat
kernel: net/mlx5: Fix double unregister of HCA_PORTS component2026-01-13
Debian
CVE-2025-68790: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: F...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-68790 Impact, Exploitability, and Mitigation Steps | Wiz