CVE-2025-38372

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 25/07/2025
Last modified: 18/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling

__xa_store() and __xa_erase() were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xa_store() and xa_erase(), which perform the necessary locking internally.

=============================
WARNING: suspicious RCU usage
6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1 Not tainted
-----------------------------
./include/linux/xarray.h:1211 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u136:0/219:
at: process_one_work+0xbe4/0x15f0
process_one_work+0x75c/0x15f0
pagefault_mr+0x9a5/0x1390 [mlx5_ib]

stack backtrace:
CPU: 14 UID: 0 PID: 219 Comm: kworker/u136:0 Not tainted
6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]
Call Trace:
dump_stack_lvl+0xa8/0xc0
lockdep_rcu_suspicious+0x1e6/0x260
xas_create+0xb8a/0xee0
xas_store+0x73/0x14c0
__xa_store+0x13c/0x220
? xa_store_range+0x390/0x390
? spin_bug+0x1d0/0x1d0
pagefault_mr+0xcb5/0x1390 [mlx5_ib]
? _raw_spin_unlock+0x1f/0x30
mlx5_ib_eqe_pf_action+0x3be/0x2620 [mlx5_ib]
? lockdep_hardirqs_on_prepare+0x400/0x400
? mlx5_ib_invalidate_range+0xcb0/0xcb0 [mlx5_ib]
process_one_work+0x7db/0x15f0
? pwq_dec_nr_in_flight+0xda0/0xda0
? assign_work+0x168/0x240
worker_thread+0x57d/0xcd0
? rescuer_thread+0xc40/0xc40
kthread+0x3b3/0x800
? kthread_is_per_cpu+0xb0/0xb0
? lock_downgrade+0x680/0x680
? do_raw_spin_lock+0x12d/0x270
? spin_bug+0x1d0/0x1d0
? finish_task_switch.isra.0+0x284/0x9e0
? lockdep_hardirqs_on_prepare+0x284/0x400
? kthread_is_per_cpu+0xb0/0xb0
ret_from_fork+0x2d/0x70
? kthread_is_per_cpu+0xb0/0xb0
ret_from_fork_asm+0x11/0x20

Vulnerable products and versions

CPE                                                  From                   Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.12.13 (including)    6.12.37 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.13.2 (including)     6.15.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
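
A triage check built from the version table above, added here as an example (it is not part of this record or of the kernel project): it tests a `uname -r` string against the listed upstream ranges and checks whether mlx5_ib, the driver named in the trace, is loaded. The function names, the constructed module list and the rule that orders an -rc build as x.y.0 are assumptions; distribution kernels may carry the fix as a backport, so a range match is an indicator to follow up, not proof.

```python
import re

# Upstream ranges from the CPE table on this page: start inclusive, end exclusive.
AFFECTED_RANGES = [((6, 12, 13), (6, 12, 37)), ((6, 13, 2), (6, 15, 6))]
AFFECTED_RC = {(6, 16): {1, 2, 3, 4}}  # 6.16-rc1 .. 6.16-rc4, listed individually

# Constructed /proc/modules excerpt (not taken from a real host).
SAMPLE_MODULES = """\
mlx5_ib 450560 0 - Live 0x0000000000000000
ib_uverbs 167936 1 mlx5_ib, Live 0x0000000000000000
mlx5_core 2191360 1 mlx5_ib, Live 0x0000000000000000
"""

def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), rc number or None)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)

def in_affected_range(release):
    """True if the upstream version falls in a range or rc entry listed above."""
    version, rc = parse_release(release)
    if rc is not None and version[2] == 0 and rc in AFFECTED_RC.get(version[:2], set()):
        return True
    # Assumption: an -rc build of x.y is ordered as x.y.0 for the range test.
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)

def mlx5_ib_loaded(proc_modules_text):
    """True if the mlx5_ib module (the driver in the trace) is listed as loaded.
    A kernel with the driver built in would not show it here."""
    names = (line.split()[0] for line in proc_modules_text.splitlines() if line.strip())
    return "mlx5_ib" in names

def triage(release, proc_modules_text):
    if not in_affected_range(release):
        return "outside listed ranges"
    if mlx5_ib_loaded(proc_modules_text):
        return "in listed range, mlx5_ib loaded: check for the vendor fix"
    return "in listed range, mlx5_ib not loaded"

if __name__ == "__main__":
    # On a live host: triage(platform.release(), open("/proc/modules").read())
    for rel in ("6.12.20-generic", "6.15.6", "6.16.0-rc3"):
        print(rel, "->", triage(rel, SAMPLE_MODULES))
```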