Use-After-Free Vulnerability in Linux Kernel's Matcher Disconnect Flow by Mellanox
CVE-2025-21751
Summary
A vulnerability was identified in the Linux kernel's matcher disconnect flow. When a firmware command fails during disconnect, the existing flow reconnects the matcher and then returns an error, so the matcher is freed while still on the matchers list, resulting in a use-after-free and a potential system crash. The patch stops the reconnection attempt when firmware commands fail during disconnect, so the driver keeps operating instead of crashing on the dangling list entry. A failed disconnect can also leak resources and leave the steering state inconsistent, underscoring the need for robust error handling during resource destruction.
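As an added illustration that is not the mlx5 driver's own code, the following constructed C model contrasts the disconnect flow the advisory describes with the patched behaviour; the structure names, the `fw_ok` flag and the list helpers are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the flaw described for CVE-2025-21751; names and
 * structures are assumptions, not the mlx5 driver's own code. */
struct matcher { struct matcher *next; };
struct matcher_list { struct matcher *head; };

/* Stand-in for the firmware command issued during disconnect. */
static int fw_disconnect_cmd(bool fw_ok) { return fw_ok ? 0 : -1; }

static void list_link(struct matcher_list *l, struct matcher *m) {
    m->next = l->head;
    l->head = m;
}

static void list_unlink(struct matcher_list *l, struct matcher *m) {
    for (struct matcher **pp = &l->head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; m->next = NULL; return; }
}

static bool list_contains(const struct matcher_list *l, const struct matcher *m) {
    for (const struct matcher *it = l->head; it; it = it->next)
        if (it == m) return true;
    return false;
}

/* Vulnerable flow: on firmware failure, reconnect and return an error; the
 * caller frees the matcher anyway, so the list keeps a dangling pointer. */
static int disconnect_vulnerable(struct matcher_list *l, struct matcher *m, bool fw_ok) {
    list_unlink(l, m);
    if (fw_disconnect_cmd(fw_ok) != 0) {
        list_link(l, m);  /* the reconnect the patch removes */
        return -1;
    }
    return 0;
}

/* Fixed flow: the error is still reported, but the matcher stays off the list. */
static int disconnect_fixed(struct matcher_list *l, struct matcher *m, bool fw_ok) {
    list_unlink(l, m);
    return fw_disconnect_cmd(fw_ok);
}

/* True when a failed disconnect leaves the to-be-freed matcher on the list,
 * which is the use-after-free precondition the advisory describes. */
static bool leaves_matcher_listed(int (*disconnect)(struct matcher_list *, struct matcher *, bool)) {
    struct matcher a = { NULL }, b = { NULL };
    struct matcher_list l = { NULL };
    list_link(&l, &a);
    list_link(&l, &b);
    return disconnect(&l, &b, false) != 0 && list_contains(&l, &b);
}
```

The check only inspects list membership before any free happens, so the model itself never touches freed memory.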
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 23a86c76a1a197e8fbbbd0ce3e826eb58c471624
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1ce840c7a659aa53a31ef49f0271b4fd0dc10296
Linux 6.13.3 <= 6.13.*