Kernel Vulnerability in Linux Affecting Mellanox MLX5E and MLX5 Core Drivers
CVE-2025-38387
What is CVE-2025-38387?
A vulnerability in the Linux kernel's Mellanox MLX5E and MLX5 core drivers stems from obj_event->obj_sub_list not being initialized prior to insertion. Because the object may be used immediately after it is inserted, an uninitialized list_head can expose a poisonous pointer and cause a severe crash. The defect could cause a kernel NULL pointer dereference, potentially disrupting the normal operation of systems that use these drivers, so affected users should remediate promptly.
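The ordering problem described above, as an added userspace model (not the driver's code and not part of the original advisory). The one-entry table slot, the functions reader_walk and publish, the struct layout and the zeroed allocation are assumptions made for illustration, and the concurrent reader is simulated by a call placed inside the window.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the kernel's circular list head (not kernel code). */
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }
/* Hypothetical stand-in for the driver's event object. */
struct obj_event { struct list_head obj_sub_list; };
/* Hypothetical one-entry lookup table: storing here is the "insertion". */
static struct obj_event *slot;

/* Reader running as soon as the object is visible: entry count, or -1
 * where a real list walk would dereference a NULL link. */
static int reader_walk(void)
{
    struct obj_event *ev = slot;
    int n = 0;
    if (!ev)
        return 0;
    if (!ev->obj_sub_list.next || !ev->obj_sub_list.prev)
        return -1;
    for (struct list_head *p = ev->obj_sub_list.next; p != &ev->obj_sub_list; p = p->next)
        n++;
    return n;
}

/* init_first = 0: insert, reader runs, init afterwards (defective order).
 * init_first = 1: init, then insert (corrected order). */
static int publish(int init_first)
{
    struct obj_event *ev = calloc(1, sizeof(*ev)); /* assumed zeroed, links NULL */
    int seen;
    if (!ev)
        return -2;
    if (init_first)
        init_list_head(&ev->obj_sub_list);
    slot = ev;             /* object becomes reachable here */
    seen = reader_walk();  /* immediate use after insertion */
    if (!init_first)
        init_list_head(&ev->obj_sub_list); /* too late for the reader */
    slot = NULL;
    free(ev);
    return seen;
}

int main(void)
{
    printf("insert then init: %d, init then insert: %d\n", publish(0), publish(1));
    return 0;
}
```

In the model, the defective order lets the reader see NULL links (-1), while initializing before insertion gives it a valid empty list (0).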
Affected Version(s)
Linux 7597385371425febdaa8c6a1da3625d4ffff16f5 < 716b555fc0580c2aa4c2c32ae4401c7e3ad9873e
Linux 7597385371425febdaa8c6a1da3625d4ffff16f5 < 972e968aac0dce8fe8faad54f6106de576695d8e
Linux 7597385371425febdaa8c6a1da3625d4ffff16f5 < 00ed215f593876385451423924fe0358c556179c