5.5

CVE-2025-21662

net/mlx5: Fix variable not being completed when function returns

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix variable not being completed when function returns

When cmd_alloc_index(), fails cmd_work_handler() needs
to complete ent->slotted before returning early.
Otherwise the task which issued the command may hang:

   mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry
   INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.
         Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1
   "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
   kworker/13:2    D    0 4055883      2 0x00000228
   Workqueue: events mlx5e_tx_dim_work [mlx5_core]
   Call trace:
      __switch_to+0xe8/0x150
      __schedule+0x2a8/0x9b8
      schedule+0x2c/0x88
      schedule_timeout+0x204/0x478
      wait_for_common+0x154/0x250
      wait_for_completion+0x28/0x38
      cmd_exec+0x7a0/0xa00 [mlx5_core]
      mlx5_cmd_exec+0x54/0x80 [mlx5_core]
      mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]
      mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]
      mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]
      process_one_work+0x1b0/0x448
      worker_thread+0x54/0x468
      kthread+0x134/0x138
      ret_from_fork+0x10/0x18
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1.93 < 6.1.125
LinuxLinux Kernel Version >= 6.6.33 < 6.6.72
LinuxLinux Kernel Version >= 6.8.12 < 6.9
LinuxLinux Kernel Version >= 6.9.3 < 6.12.10
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0e2909c6bec9048f49d0c8e16887c63b50b14647
Patch
https://git.kernel.org/stable/c/229cc10284373fbe754e623b7033dca7e7470ec8
Patch
https://git.kernel.org/stable/c/36124081f6ffd9dfaad48830bdf106bb82a9457d
Patch
https://git.kernel.org/stable/c/f0a2808767ac39f64b1d9a0ff865c255073cf3d4
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html