CVE-2025-38039
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mlx5e network driver when configuring MQPRIO (Multi-Queue Priority) while HTB (Hierarchical Token Bucket) offload is already enabled. The driver incorrectly returns an error code (-EINVAL) and triggers a WARN_ON, which causes an unnecessary kernel warning and call trace. The fix changes the behavior to return a more appropriate error code (-EOPNOTSUPP) and provides a helpful user message, avoiding the warning and call trace.
How can this vulnerability impact me?
The impact is primarily related to system stability and user experience. The vulnerability causes unnecessary kernel warnings and call traces when configuring network settings, which can clutter logs and potentially confuse administrators. It does not indicate a security breach or direct compromise but may affect troubleshooting and system management.