Memory Leak Vulnerability in Linux Kernel's MLX5 Network Driver
CVE-2025-39834

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-39834?

A memory leak vulnerability exists in the Linux kernel's MLX5 network driver, specifically in the function handling shares for the STC NIC. When an invalid 'stc_type' is received, memory is allocated for the shared STC but is not released if the execution jumps to the 'unlock_and_out' pathway. This oversight can lead to significant memory consumption and degrade system performance over time, as allocated resources remain unfreed. The issue has been identified and resolved by modifying the error handling path to ensure proper memory cleanup.

Affected Version(s)

Linux 504e536d90104c850731840d3fbc95acf251f11b < 051fd8576a2e4e95d5870c5c9f8679c5b16882e4

Linux 504e536d90104c850731840d3fbc95acf251f11b

Linux 6.12

References

https://git.kernel.org/stable/c/051fd8576a2e4e95d5870c5c9...

https://git.kernel.org/stable/c/a630f83592cdad1253523a1b7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025