CVE-2025-21662

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix variable not being completed when function returns

When cmd_alloc_index(), fails cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang:

mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry INFO: task kworker/13:2:4055883 blocked for more than 120 seconds. Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/13:2 D 0 4055883 2 0x00000228 Workqueue: events mlx5e_tx_dim_work [mlx5_core] Call trace: __switch_to+0xe8/0x150 __schedule+0x2a8/0x9b8 schedule+0x2c/0x88 schedule_timeout+0x204/0x478 wait_for_common+0x154/0x250 wait_for_completion+0x28/0x38 cmd_exec+0x7a0/0xa00 [mlx5_core] mlx5_cmd_exec+0x54/0x80 [mlx5_core] mlx5_core_modify_cq+0x6c/0x80 [mlx5_core] mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core] mlx5e_tx_dim_work+0x54/0x68 [mlx5_core] process_one_work+0x1b0/0x448 worker_thread+0x54/0x468 kthread+0x134/0x138 ret_from_fork+0x10/0x18

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4baae687a20ef2b82fde12de3c04461e6f2521d6 < f0a2808767ac39f64b1d9a0ff865c255073cf3d4affected
LinuxLinuxf9caccdd42e999b74303c9b0643300073ed5d319 < 229cc10284373fbe754e623b7033dca7e7470ec8affected
LinuxLinux485d65e1357123a697c591a5aeb773994b247ad7 < 36124081f6ffd9dfaad48830bdf106bb82a9457daffected
LinuxLinux485d65e1357123a697c591a5aeb773994b247ad7 < 0e2909c6bec9048f49d0c8e16887c63b50b14647affected
LinuxLinux2d0962d05c93de391ce85f6e764df895f47c8918affected
LinuxLinux94024332a129c6e4275569d85c0c1bfb2ae2d71baffected
LinuxLinux6.1.93 < 6.1.125affected
LinuxLinux6.6.33 < 6.6.72affected
LinuxLinux6.8.12 < 6.9affected
LinuxLinux6.9.3 < 6.10affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.1.125 <= 6.1.*unaffected
LinuxLinux6.6.72 <= 6.6.*unaffected
LinuxLinux6.12.10 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References