CVE-2025-39832

MEDIUM

Linux Kernel 6.5-6.6.103, 6.7-6.12.44, 6.13-6.16.4 - Improper Locking in mlx5 Sync Reset Unload Event

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fw_activate option, the PF already holds the devlink lock while handling unload event. In this case, delegate sync reset unload event handling back to the devlink callback process to avoid double-locking and resolve the lockdep warning. Kernel log: WARNING: CPU: 9 PID: 1578 at devl_assert_locked+0x31/0x40 [...] Call Trace: <TASK> mlx5_unload_one_devl_locked+0x2c/0xc0 [mlx5_core] mlx5_sync_reset_unload_event+0xaf/0x2f0 [mlx5_core] process_one_work+0x222/0x640 worker_thread+0x199/0x350 kthread+0x10b/0x230 ? __pfx_worker_thread+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x8e/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>

References (4)

Core 4

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-667
Status published
Products (15)
linux/Kernel 6.13.0 - 6.16.5linux
linux/Kernel 6.5.0 - 6.6.104linux
linux/Kernel 6.7.0 - 6.12.45linux
Linux/Linux < 6.5
Linux/Linux 6.12.45 - 6.12.*
Linux/Linux 6.16.5 - 6.16.*
Linux/Linux 6.17
Linux/Linux 6.5
Linux/Linux 6.6.104 - 6.6.*
Linux/Linux 7a9770f1bfeaeddf5afabd3244e2c4c4966be37d - 06d897148e79638651800d851a69547b56b4be2e
... and 5 more
Published Sep 16, 2025
Tracked Since Feb 18, 2026