Null Pointer Dereference Vulnerability in Linux Kernel's MLX5 Network Driver
CVE-2025-37888

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-37888?

A vulnerability in the MLX5 network driver of the Linux kernel has been identified, which allows for a potential null pointer dereference. This flaw occurs when the functions mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() fail to check the return value of mlx5_get_flow_namespace(), leading to instability and crashes in applications relying on network operations. A patch has been implemented to address this issue, enhancing the overall stability and security of the Linux kernel's networking capabilities.

Affected Version(s)

Linux 137f3d50ad2a0f2e1ebe5181d6b32a5541786b99 < 0b682680b12b08cd62b113ea92b2938195de1dfe

Linux 137f3d50ad2a0f2e1ebe5181d6b32a5541786b99

Linux 137f3d50ad2a0f2e1ebe5181d6b32a5541786b99 < 91037037ee3d611ce17f39d75f79c7de394b122a

References

https://git.kernel.org/stable/c/0b682680b12b08cd62b113ea9...

https://git.kernel.org/stable/c/ecd9d2647ddb4f42a121de648...

https://git.kernel.org/stable/c/91037037ee3d611ce17f39d75...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON