Deadlock Vulnerability in Linux Kernel's Mellanox Driver Affecting Multiple Releases
CVE-2025-38373
What is CVE-2025-38373?
A deadlock vulnerability has been identified in the Mellanox driver within the Linux kernel. This issue arises from the improper ordering of mutex locks, particularly during memory allocation operations triggered by calling kzalloc(). When the umem_mutex is held simultaneously during kernel memory allocation processes, it can lead to a situation where the driver attempts to reacquire umem_mutex again, causing a deadlock scenario. The analysis showed that this vulnerability can occur during the deregistration of memory regions, specifically through functions like mlx5_ib_dereg_mr and cache_ent_find_and_store. The vulnerability has been addressed by changing the locking order to release umem_mutex before performing potentially blocking memory operations, thereby preventing any deadlock from occurring.
Affected Version(s)
Linux b13d32786acabf70a7b04ed24b7468fc3c82977c
Linux abb604a1a9c87255c7a6f3b784410a9707baf467 < 727eb1be65a370572edf307558ec3396b8573156
Linux abb604a1a9c87255c7a6f3b784410a9707baf467 < 2ed25aa7f7711f508b6120e336f05cd9d49943c0