CVE-2025-68779

Linux Kernel 6.18-6.18.2 - Use-After-Free in PSP Unregistration

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> mlx5e_psp_unregister This leads to a refcount underflow in some conditions: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 2 PID: 1694 at lib/refcount.c:28 refcount_warn_saturate+0xd8/0xe0 [...] mlx5e_psp_unregister+0x26/0x50 [mlx5_core] mlx5e_nic_cleanup+0x26/0x90 [mlx5_core] mlx5e_remove+0xe6/0x1f0 [mlx5_core] auxiliary_bus_remove+0x18/0x30 device_release_driver_internal+0x194/0x1f0 bus_remove_device+0xc6/0x130 device_del+0x159/0x3c0 mlx5_rescan_drivers_locked+0xbc/0x2a0 [mlx5_core] [...] Do not directly remove psp from the _mlx5e_remove path, the PSP cleanup happens as part of profile cleanup.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/e12c912f92ccea671b514caf371f28485714bb4b

Patch

https://git.kernel.org/stable/c/35e93736f69963337912594eb3951ab320b77521

Scores

EPSS 0.0003

EPSS Percentile 10.8%

Details

Status published

Products (7)

linux/Kernel 6.18.0 - 6.18.3linux

Linux/Linux < 6.18

Linux/Linux 6.18

Linux/Linux 6.18.3 - 6.18.*

Linux/Linux 6.19

Linux/Linux 89ee2d92f66c45625ff1c173df2dbdea32568c5d - 35e93736f69963337912594eb3951ab320b77521

Linux/Linux 89ee2d92f66c45625ff1c173df2dbdea32568c5d - e12c912f92ccea671b514caf371f28485714bb4b

Published Jan 13, 2026

Tracked Since Feb 18, 2026