CVE-2025-21662

MEDIUM EPSS 9.8%
Published Jan 21, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 21, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang: mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry INFO: task kworker/13:2:4055883 blocked for more than 120 seconds. Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/13:2 D 0 4055883 2 0x00000228 Workqueue: events mlx5e_tx_dim_work [mlx5_core] Call trace: __switch_to+0xe8/0x150 __schedule+0x2a8/0x9b8 schedule+0x2c/0x88 schedule_timeout+0x204/0x478 wait_for_common+0x154/0x250 wait_for_completion+0x28/0x38 cmd_exec+0x7a0/0xa00 [mlx5_core] mlx5_cmd_exec+0x54/0x80 [mlx5_core] mlx5_core_modify_cq+0x6c/0x80 [mlx5_core] mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core] mlx5e_tx_dim_work+0x54/0x68 [mlx5_core] process_one_work+0x1b0/0x448 worker_thread+0x54/0x468 kthread+0x134/0x138 ret_from_fork+0x10/0x18

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
9.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥6.1.93  –  <6.1.125
linuxlinux_kernel*≥6.6.33  –  <6.6.72
linuxlinux_kernel*≥6.8.12  –  <6.9
linuxlinux_kernel*≥6.9.3  –  <6.12.10
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/0e2909c6bec9048f49d0c8e16887c63b50b14647
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/229cc10284373fbe754e623b7033dca7e7470ec8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36124081f6ffd9dfaad48830bdf106bb82a9457d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0a2808767ac39f64b1d9a0ff865c255073cf3d4
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0e2909c6bec9048f49d0c8e16887c63b50b14647
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/229cc10284373fbe754e623b7033dca7e7470ec8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36124081f6ffd9dfaad48830bdf106bb82a9457d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0a2808767ac39f64b1d9a0ff865c255073cf3d4
    Patch