CVE-2025-38440

EPSS 0.03%
Published 25.07.2025 16:15:29
Last modified 29.07.2025 14:14:55
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix race between DIM disable and net_dim()

There's a race between disabling DIM and NAPI callbacks using the dim
pointer on the RQ or SQ.

If NAPI checks the DIM state bit and sees it still set, it assumes
`rq->dim` or `sq->dim` is valid. But if DIM gets disabled right after
that check, the pointer might already be set to NULL, leading to a NULL
pointer dereference in net_dim().

Fix this by calling `synchronize_net()` before freeing the DIM context.
This ensures all in-progress NAPI callbacks are finished before the
pointer is cleared.

Kernel log:

BUG: kernel NULL pointer dereference, address: 0000000000000000
...
RIP: 0010:net_dim+0x23/0x190
...
Call Trace:
 <TASK>
 ? __die+0x20/0x60
 ? page_fault_oops+0x150/0x3e0
 ? common_interrupt+0xf/0xa0
 ? sysvec_call_function_single+0xb/0x90
 ? exc_page_fault+0x74/0x130
 ? asm_exc_page_fault+0x22/0x30
 ? net_dim+0x23/0x190
 ? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]
 ? sysvec_apic_timer_interrupt+0xb/0x90
 mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]
 mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]
 ? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]
 busy_poll_stop+0xa2/0x200
 ? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]
 ? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]
 __napi_busy_loop+0x345/0x3b0
 ? sysvec_call_function_single+0xb/0x90
 ? asm_sysvec_call_function_single+0x16/0x20
 ? sysvec_apic_timer_interrupt+0xb/0x90
 ? pcpu_free_area+0x1e4/0x2e0
 napi_busy_loop+0x11/0x20
 xsk_recvmsg+0x10c/0x130
 sock_recvmsg+0x44/0x70
 __sys_recvfrom+0xbc/0x130
 ? __schedule+0x398/0x890
 __x64_sys_recvfrom+0x20/0x30
 do_syscall_64+0x4c/0x100
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
...
---[ end trace 0000000000000000 ]---
...
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 7581afc051542e11ccf3ade68acd01b7fb1a3cde

Version 445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68

Status affected

Version < 2bc6fb90486e42dd80e660ef7a40c02b2516c6d6

Version 445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68

Status affected

Version < eb41a264a3a576dc040ee37c3d9d6b7e2d9be968

Version 445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.10

Status affected

Version < 6.10

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.39

Status unaffected

Version <= 6.15.*

Version 6.15.7

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/2bc6fb90486e42dd80e660ef7a40c02b2516c6d6

https://git.kernel.org/stable/c/7581afc051542e11ccf3ade68acd01b7fb1a3cde

https://git.kernel.org/stable/c/eb41a264a3a576dc040ee37c3d9d6b7e2d9be968

https://nvd.nist.gov/vuln/detail/CVE-2025-38440

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38440

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38440

EUVD