Linux Kernel Memory Access Vulnerability in Mellanox Device Drivers
CVE-2025-38645

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38645?

A memory access vulnerability exists in the Mellanox device driver within the Linux kernel due to inadequate handling of device memory pointers. Specifically, a NULL check should be implemented prior to accessing device memory to avert potential crashes arising from failed memory allocations. This flaw highlights the importance of rigorous memory management practices within kernel modules to ensure system stability and prevent operational disruptions.

Affected Version(s)

Linux c9b9dcb430b3cd0ad2b04c360c4e528d73430481

Linux c9b9dcb430b3cd0ad2b04c360c4e528d73430481 < 62d7cf455c887941ed6f105cd430ba04ee0b6c9f

Linux c9b9dcb430b3cd0ad2b04c360c4e528d73430481 < 4249f1307932f1b6bbb8b7eba60d82f0b7e44430

References

https://git.kernel.org/stable/c/eebb225fe6c9103293807b8ed...

https://git.kernel.org/stable/c/62d7cf455c887941ed6f105cd...

https://git.kernel.org/stable/c/4249f1307932f1b6bbb8b7eba...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025