CVE-2025-68779
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-01-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> mlx5e_psp_unregister This leads to a refcount underflow in some conditions: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 2 PID: 1694 at lib/refcount.c:28 refcount_warn_saturate+0xd8/0xe0 [...] mlx5e_psp_unregister+0x26/0x50 [mlx5_core] mlx5e_nic_cleanup+0x26/0x90 [mlx5_core] mlx5e_remove+0xe6/0x1f0 [mlx5_core] auxiliary_bus_remove+0x18/0x30 device_release_driver_internal+0x194/0x1f0 bus_remove_device+0xc6/0x130 device_del+0x159/0x3c0 mlx5_rescan_drivers_locked+0xbc/0x2a0 [mlx5_core] [...] Do not directly remove psp from the _mlx5e_remove path, the PSP cleanup happens as part of profile cleanup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-14
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68779
EUVD
EUVD-2026-2327
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the PSP (Packet Steering Profile) being unregistered twice in certain functions, leading to a reference count underflow. This causes a use-after-free condition, which can result in kernel warnings and potential instability or crashes. The issue arises because PSP cleanup is done twice: once directly in _mlx5e_remove and again during profile cleanup, which should be avoided.

Impact Analysis

The vulnerability can cause a reference count underflow and use-after-free in the kernel, potentially leading to system instability, crashes, or unexpected behavior in the network driver subsystem. This could affect system reliability and availability.

Detection Guidance

This vulnerability can be detected by monitoring kernel logs for refcount underflow warnings related to mlx5_core. Specifically, look for messages like 'refcount_t: underflow; use-after-free' and stack traces involving mlx5e_psp_unregister, mlx5e_nic_cleanup, and mlx5e_remove. You can use the command 'dmesg | grep refcount_t' or 'journalctl -k | grep refcount_t' to find such warnings in the kernel logs.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is resolved. Avoid manually unregistering PSP in the _mlx5e_remove path, as PSP cleanup is handled during profile cleanup. Applying the official patch or kernel update that fixes the double unregistering of PSP will prevent the refcount underflow and use-after-free condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart