Use-After-Free Vulnerability in Linux Kernel Affecting Mellanox Devices
CVE-2025-21714
Summary
A use-after-free vulnerability exists in the Linux kernel's Mellanox driver, caused by improper handling of implicit ODP (On-Demand Paging) memory regions. This flaw can lead to a memory region being invalidated and freed more than once. If an implicit ODP memory region descriptor (mr) is queued for destruction while it is simultaneously being invalidated, the memory may be accessed after it has been freed. This can cause significant issues, including system instability and security breaches. Safeguards using __xa_cmpxchg() have been implemented to ensure that the destruction of a memory region occurs only once, mitigating the risks associated with this vulnerability.
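The destroy-once guard described above, as an added user-space model (not the kernel's or the driver's code). A C11 atomic compare-exchange stands in for __xa_cmpxchg(); every name is hypothetical, and clearing the slot to NULL on a successful claim is an assumption of the model.

```c
#include <stdatomic.h>
#include <stdio.h>
/* User-space model: none of these names are kernel symbols. */
struct model_mr { int freed; };                /* stands in for a child MR */
static _Atomic(struct model_mr *) children[4]; /* stands in for the xarray */
static struct model_mr *workq[8];              /* pending destroy work */
static int queued;
static void queue_destroy(struct model_mr *mr) { workq[queued++] = mr; }

/* Guarded path: exchange the slot from mr to NULL. Only the caller whose
 * exchange succeeds owns the teardown and queues the destroy work. */
static int invalidate_guarded(int idx, struct model_mr *mr)
{
    struct model_mr *expected = mr;
    if (!atomic_compare_exchange_strong(&children[idx], &expected, NULL))
        return 0;                              /* already claimed */
    queue_destroy(mr);
    return 1;
}

/* Drain the queue; count work items that touch an already freed MR. */
static int run_work(void)
{
    int stale = 0;
    for (int i = 0; i < queued; i++) {
        if (workq[i]->freed) stale++;          /* would be a use after free */
        else workq[i]->freed = 1;              /* models freeing the MR */
    }
    queued = 0;
    return stale;
}

/* Invalidate the same MR twice, then run the work; returns stale count. */
static int scenario(int guarded)
{
    static struct model_mr mr;
    mr.freed = 0;
    atomic_store(&children[1], &mr);
    for (int i = 0; i < 2; i++) {
        if (guarded) invalidate_guarded(1, &mr);
        else queue_destroy(&mr);               /* unguarded: always queues */
    }
    return run_work();
}

int main(void)
{
    printf("stale work: unguarded=%d guarded=%d\n", scenario(0), scenario(1));
    return 0;
}
```

The model marks the region as freed instead of releasing it, so the stale work item can be counted without touching freed memory.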
Affected Version(s)
Linux 5256edcb98a14b11409a2d323f56a70a8b366363 < 7cc8f681f6d4ae4478ae0f60485fc768f2b450da
Linux 5256edcb98a14b11409a2d323f56a70a8b366363