CVE-2025-38582

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix double destruction of rsv_qp

rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init().

list_del corruption, ffff589732eb9b50->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240 … Call trace: __list_del_entry_valid+0x148/0x240 hns_roce_qp_remove+0x4c/0x3f0 [hns_roce_hw_v2] hns_roce_v2_destroy_qp_common+0x1dc/0x5f4 [hns_roce_hw_v2] hns_roce_v2_destroy_qp+0x22c/0x46c [hns_roce_hw_v2] free_mr_exit+0x6c/0x120 [hns_roce_hw_v2] hns_roce_v2_exit+0x170/0x200 [hns_roce_hw_v2] hns_roce_exit+0x118/0x350 [hns_roce_hw_v2] __hns_roce_hw_v2_init_instance+0x1c8/0x304 [hns_roce_hw_v2] hns_roce_hw_v2_reset_notify_init+0x170/0x21c [hns_roce_hw_v2] hns_roce_hw_v2_reset_notify+0x6c/0x190 [hns_roce_hw_v2] hclge_notify_roce_client+0x6c/0x160 [hclge] hclge_reset_rebuild+0x150/0x5c0 [hclge] hclge_reset+0x10c/0x140 [hclge] hclge_reset_subtask+0x80/0x104 [hclge] hclge_reset_service_task+0x168/0x3ac [hclge] hclge_service_task+0x50/0x100 [hclge] process_one_work+0x250/0x9a0 worker_thread+0x324/0x990 kthread+0x190/0x210 ret_from_fork+0x10/0x18

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfd8489294dd2beefb70f12ec4f6132aeec61a4d0 < dab173bae3303f074f063750a8dead2550d8c782affected
LinuxLinuxfd8489294dd2beefb70f12ec4f6132aeec61a4d0 < fc8b0f5b16bab2e032b4cfcd6218d5df3b80b2eaaffected
LinuxLinuxfd8489294dd2beefb70f12ec4f6132aeec61a4d0 < 10b083dbba22be19baa848432b6f25aa68ab2db5affected
LinuxLinuxfd8489294dd2beefb70f12ec4f6132aeec61a4d0 < c6957b95ecc5b63c5a4bb4ecc28af326cf8f6dc8affected
LinuxLinux2ccf1c75d39949d8ea043d04a2e92d7100ea723daffected
LinuxLinuxd2d9c5127122745da6e887f451dd248cfeffca33affected
LinuxLinuxdac2723d8bfa9cf5333f477741e6e5fa1ed34645affected
LinuxLinux60595923371c2ebe7faf82536c47eb0c967e3425affected
LinuxLinux6.1.113 < 6.2affected
LinuxLinux6.6.54 < 6.7affected
LinuxLinux6.10.13 < 6.11affected
LinuxLinux6.11.2 < 6.12affected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.42 <= 6.12.*unaffected
LinuxLinux6.15.10 <= 6.15.*unaffected
LinuxLinux6.16.1 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References