CVE-2025-39768
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix complex rules rehash error flow Moving rules from matcher to matcher should not fail. However, if it does fail due to various reasons, the error flow should allow the kernel to continue functioning (albeit with broken steering rules) instead of going into series of soft lock-ups or some other problematic behaviour. Similar to the simple rules, complex rules rehash logic suffers from the same problems. This patch fixes the error flow for moving complex rules: - If new rule creation fails before it was even enqeued, do not poll for completion - If TIMEOUT happened while moving the rule, no point trying to poll for completions for other rules. Something is broken, completion won't come, just abort the rehash sequence. - If some other completion with error received, don't give up. Continue handling rest of the rules to minimize the damage. - Make sure that the first error code that was received will be actually returned to the caller instead of replacing it with the generic error code. All the aforementioned issues stem from the same bad error flow, so no point fixing them one by one and leaving partially broken code - fixing them in one patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-11-25
Generated
2026-05-07
AI Q&A
2025-09-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39768
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is related to the Linux kernel's handling of complex rules in the mlx5 network driver. When moving rules from one matcher to another, if an error occurs, the kernel's error handling flow was flawed. Instead of allowing the kernel to continue functioning despite broken steering rules, it could lead to soft lock-ups or other problematic behavior. The patch fixes this by improving error handling during the rehashing of complex rules, ensuring that failures do not cause the kernel to hang and that errors are properly reported and handled to minimize damage.


How can this vulnerability impact me? :

If this vulnerability is triggered, it can cause the Linux kernel to enter a series of soft lock-ups or other problematic behaviors, potentially leading to system instability or degraded network functionality. This could disrupt normal operations, especially in environments relying on the mlx5 network driver for steering rules, resulting in broken steering rules and impaired network traffic management.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to the version that includes the patch fixing the complex rules rehash error flow in the net/mlx5 driver. This patch ensures proper error handling and prevents kernel soft lock-ups related to moving steering rules. No other specific mitigation steps are provided.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart