Resource Management Issue in Linux Kernel for Mellanox Hardware

CVE-2025-38161

What is CVE-2025-38161?

A vulnerability exists in the Linux kernel that affects Mellanox hardware during the RDMA resource management process. Specifically, when a Receive Queue (RQ) is destroyed, if the firmware command fails, some software resources may already be cleaned up despite this failure. This oversight has been rectified to ensure proper rollback of the resource state upon failure, thus preventing a use-after-free scenario that could lead to instability and potential system crashes. The issue manifests if multiple destruction attempts occur on the same object, leading to a warning and trace in kernel logs, highlighting the risks associated with improper management of resource refcounts.

References