Use-After-Free Vulnerability in Linux Kernel Affecting Mellanox Devices
CVE-2025-21714

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
27 February 2025

What is CVE-2025-21714?

A use-after-free vulnerability exists in the Linux kernel within the Mellanox driver related to the improper handling of implicit ODP (On-Demand Paging) memory regions. This flaw can lead to the potential invalidation of memory regions being freed more than once. If an implicit ODP memory region descriptor (mr) is queued for destruction while simultaneously being invalidated, it may result in user access after memory has been freed. This could trigger significant issues including system instability and security breaches. Proper safeguards using __xa_cmpxchg() have been implemented to ensure that the destruction of memory regions occurs only once, mitigating the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 5256edcb98a14b11409a2d323f56a70a8b366363 < 7cc8f681f6d4ae4478ae0f60485fc768f2b450da

Linux 5256edcb98a14b11409a2d323f56a70a8b366363

Linux 5256edcb98a14b11409a2d323f56a70a8b366363

References

https://git.kernel.org/stable/c/7cc8f681f6d4ae4478ae0f604...
https://git.kernel.org/stable/c/edfb65dbb9ffd3102f3ff4dd2...
https://git.kernel.org/stable/c/d3d930411ce390e5324701942...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.