CVE-2025-71084
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancel_work_sync() will prevent the work from running which also prevents destroying the ah_attr. This leaks a refcount and triggers a WARN: GID entry ref leak for dev syz1 index 2 ref=573 WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline] WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 Destroy the ah_attr after canceling the work, it is safe to call this twice.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-03-25
Generated
2026-05-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-71084
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.12
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.4 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.160 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.120 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.64 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.10.20 (inc) to 5.10.248 (exc)
linux linux_kernel From 5.11.3 (inc) to 5.12 (exc)
linux linux_kernel From 5.12.1 (inc) to 5.15.198 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's RDMA connection manager (CM) involves a reference leak in the multicast GID table. Specifically, if the CM ID is destroyed while a multicast creation event is still queued, the cancel_work_sync() function prevents the queued work from running, which also prevents the destruction of the ah_attr attribute. This leads to a reference count leak and triggers a warning in the kernel logs.


How can this vulnerability impact me? :

The impact of this vulnerability is a resource leak in the kernel's multicast GID table reference count, which can cause warnings and potentially degrade system stability or performance over time due to unreleased resources.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version where the RDMA/cm multicast GID table reference leak has been fixed. This involves applying the patch that ensures the ah_attr is destroyed after canceling the work, preventing the reference count leak and associated warnings.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific warning messages related to the RDMA multicast GID table reference leak. Look for warnings such as: 'GID entry ref leak for dev syz1 index 2 ref=573' and kernel warnings referencing 'drivers/infiniband/core/cache.c' at lines around 809 and 886. You can use the following command to check the kernel log for these warnings: sudo dmesg | grep -E 'GID entry ref leak|drivers/infiniband/core/cache.c' This will help identify if the refcount leak and WARN messages are occurring on your system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart