CVE-2025-22091
📋 TL;DR
This CVE describes an integer overflow vulnerability in the Linux kernel's RDMA/mlx5 driver when registering large contiguous memory regions. The overflow causes a kernel warning and potential system instability. Systems using RDMA with mlx5 hardware and registering 4GB+ memory regions are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to WARN_ON trigger, leading to denial of service and potential data loss.
Likely Case
Kernel warning in dmesg and failure to register large memory regions, causing RDMA operations to fail.
If Mitigated
Minor performance impact from using smaller page sizes instead of optimized large pages.
🎯 Exploit Status
Exploitation requires local access and ability to trigger RDMA memory registration with specific conditions. The WARN_ON suggests this is more likely to cause instability than arbitrary code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 01fd737776ca0f17a96d83cd7f0840ce130b9a02, 05b215d5e219c0228b9c7082ba9bcf176c576646, e0c09f639ca0e102f250df8787740c2013e9d1b3, f0c2427412b43cdf1b7b0944749ea17ddb97d5a5
Vendor Advisory: https://git.kernel.org/stable/c/01fd737776ca0f17a96d83cd7f0840ce130b9a02
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify RDMA functionality works with large memory registrations.
🔧 Temporary Workarounds
Limit RDMA memory registration size
linuxConfigure applications to avoid registering contiguous memory regions larger than 2GB
Disable RDMA if not required
linuxRemove or blacklist mlx5_ib module if RDMA functionality is not needed
modprobe -r mlx5_ib
echo 'blacklist mlx5_ib' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Monitor kernel logs for WARN_ON messages from mlx5_ib driver
- Implement strict access controls to prevent unauthorized users from performing RDMA operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5_ib module is loaded: lsmod | grep mlx5_ibCheck Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commits: uname -r and verify with git log📡 Detection & Monitoring
Log Indicators:
- WARNING messages in dmesg containing 'alloc_cacheable_mr' and 'mlx5_ib'
- Kernel oops or panic related to mlx5_ib module
Network Indicators:
- RDMA connection failures when transferring large data sets
SIEM Query:
source="kernel" AND "WARNING" AND "mlx5_ib" AND "alloc_cacheable_mr"