CVE-2025-38287

Summary

In the Linux kernel, the following vulnerability has been resolved:

IB/cm: Drop lockdep assert and WARN when freeing old msg

The send completion handler can run after cm_id has advanced to another message. The cm_id lock is not needed in this case, but a recent change re-used cm_free_priv_msg(), which asserts that the lock is held and WARNs if the cm_id's currently outstanding msg is different than the one being freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1e5159219076ddb2e44338c667c83fd1bd43dfef < fc096a0cd2017cb0aa1e7fb83131410af9283910affected
LinuxLinux1e5159219076ddb2e44338c667c83fd1bd43dfef < 7590649ee7af381a9d1153143026dec124c5798eaffected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.15.3 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References