Kernel Vulnerability in Linux Affecting Mellanox Technologies Products
CVE-2025-39947
What is CVE-2025-39947?
A vulnerability has been identified in the Linux kernel's network driver for Mellanox Technologies devices. The issue arises when the mlx5_uplink_netdev_get() function attempts to retrieve the uplink netdevice pointer. If the netdevice has been unbound from the mlx5_core.eth driver, the pointer can be NULL, and using it results in a kernel panic. This vulnerability highlights the need for thorough pointer validation before use to ensure system stability and prevent crashes. Proper checks and the use of reference counting such as netdev_hold() are crucial to safeguard against such issues.
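The pattern named above (validate the pointer, and hold a reference while it is in use) is sketched below as a userspace model. This is an added example, not the kernel's or the driver's code: the model_* types and the uplink_* and query_uplink_mtu functions are hypothetical, and a plain counter stands in for netdev_hold().

```c
/* Userspace model, constructed for illustration: not kernel code; all names are hypothetical. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

struct model_netdev { int refcnt; int mtu; };
struct model_core {
    pthread_mutex_t lock;         /* protects the uplink slot and refcnt */
    struct model_netdev *uplink;  /* NULL once the eth driver is unbound */
};

/* Getter: returns the uplink device with a reference held, or NULL if unbound. */
static struct model_netdev *uplink_get(struct model_core *c)
{
    pthread_mutex_lock(&c->lock);
    struct model_netdev *nd = c->uplink;
    if (nd)
        nd->refcnt++;             /* stands in for netdev_hold() */
    pthread_mutex_unlock(&c->lock);
    return nd;
}

static void uplink_put(struct model_core *c, struct model_netdev *nd)
{
    if (!nd)
        return;
    pthread_mutex_lock(&c->lock);
    nd->refcnt--;                 /* drop the reference taken in uplink_get() */
    pthread_mutex_unlock(&c->lock);
}

/* Unbind path: clears the slot under the same lock the getter takes. */
static void uplink_unbind(struct model_core *c)
{
    pthread_mutex_lock(&c->lock);
    c->uplink = NULL;
    pthread_mutex_unlock(&c->lock);
}

/* Caller: checks for NULL before dereferencing; returns the MTU, or -1 if unbound. */
static int query_uplink_mtu(struct model_core *c)
{
    struct model_netdev *nd = uplink_get(c);
    if (!nd)
        return -1;                /* fail the request instead of crashing */
    int mtu = nd->mtu;
    uplink_put(c, nd);
    return mtu;
}

int main(void)
{
    struct model_netdev nd = { .refcnt = 0, .mtu = 1500 };
    struct model_core core = { .lock = PTHREAD_MUTEX_INITIALIZER, .uplink = &nd };
    printf("bound: %d\n", query_uplink_mtu(&core));
    uplink_unbind(&core);
    printf("unbound: %d\n", query_uplink_mtu(&core));
    return 0;
}
```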
Affected Version(s)
Linux 7a9fb35e8c3a67145fca262c304de65cb2f83abf < 2cb17c88edd3a1c7aa6bc880dcdb35a6866fcb2e
Linux 7a9fb35e8c3a67145fca262c304de65cb2f83abf
Linux 7a9fb35e8c3a67145fca262c304de65cb2f83abf < 8df354eb2dd63d111ed5ae2e956e0dbb22bcf93b