Linux Kernel RDMA Vulnerability in Mellanox Device Drivers
CVE-2025-38372
Currently unrated
What is CVE-2025-38372?
In the Linux kernel, improper handling of implicit ODP (On-Demand Paging) in the RDMA code of the Mellanox device drivers led to unsafe access to shared resources. The functions __xa_store() and __xa_erase() were called without the appropriate locks held, resulting in potential RCU usage warnings and unstable kernel behavior. The issue underscores the importance of proper locking to ensure data integrity and system stability in multi-threaded environments.
Affected Version(s)
Linux 7cc8f681f6d4ae4478ae0f60485fc768f2b450da < 9d2ef890e49963b768d4fe5a33029aacd9f6b93f
Linux d3d930411ce390e532470194296658a960887773
Linux d3d930411ce390e532470194296658a960887773 < 2c6b640ea08bff1a192bf87fa45246ff1e40767c