CVE-2025-39947

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: Harden uplink netdev access against device unbind<br /> <br /> The function mlx5_uplink_netdev_get() gets the uplink netdevice<br /> pointer from mdev-&gt;mlx5e_res.uplink_netdev. However, the netdevice can<br /> be removed and its pointer cleared when unbound from the mlx5_core.eth<br /> driver. This results in a NULL pointer, causing a kernel panic.<br /> <br /> BUG: unable to handle page fault for address: 0000000000001300<br /> at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]<br /> Call Trace:<br /> <br /> mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]<br /> esw_offloads_enable+0x593/0x910 [mlx5_core]<br /> mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]<br /> mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]<br /> devlink_nl_eswitch_set_doit+0x60/0xd0<br /> genl_family_rcv_msg_doit+0xe0/0x130<br /> genl_rcv_msg+0x183/0x290<br /> netlink_rcv_skb+0x4b/0xf0<br /> genl_rcv+0x24/0x40<br /> netlink_unicast+0x255/0x380<br /> netlink_sendmsg+0x1f3/0x420<br /> __sock_sendmsg+0x38/0x60<br /> __sys_sendto+0x119/0x180<br /> do_syscall_64+0x53/0x1d0<br /> entry_SYSCALL_64_after_hwframe+0x4b/0x53<br /> <br /> Ensure the pointer is valid before use by checking it for NULL. If it<br /> is valid, immediately call netdev_hold() to take a reference, and<br /> preventing the netdevice from being freed while it is in use.