CVE-2025-38019
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's mlxsw driver allows local attackers to cause kernel memory corruption when deleting GRE network devices after driver reload. This affects systems using Mellanox Spectrum switches with the mlxsw driver and GRE tunnel configurations. Attackers with local access can potentially crash the system or execute arbitrary code.
💻 Affected Systems
- Linux kernel with mlxsw driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel mode, system crash, or arbitrary code execution leading to complete system compromise.
Likely Case
Kernel panic or system crash causing denial of service, potentially requiring physical access to restore.
If Mitigated
No impact if GRE tunnels aren't configured or if the vulnerable driver isn't loaded.
🎯 Exploit Status
Requires local access, specific configuration (GRE tunnels), and driver reload sequence. Not trivial but achievable by knowledgeable attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (see references for specific commits)
Vendor Advisory: https://git.kernel.org/stable/c/92ec4855034b2c4d13f117558dc73d20581fa9ff
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Reboot system.
3. Verify kernel version with 'uname -r'.
4. Ensure mlxsw driver loads properly.
🔧 Temporary Workarounds
Disable GRE tunnel offloading
Prevent the driver from offloading the GRE tunnel neighbors that trigger the vulnerability:
# ip link del dev gre1 (for each GRE interface)
# Avoid creating GRE tunnels or remove existing ones
Avoid driver reload with GRE configuration
Do not reload the mlxsw driver while GRE tunnels with neighbor entries exist:
# devlink dev reload pci/0000:01:00.0 (DO NOT EXECUTE if GRE tunnels exist)
🧯 If You Can't Patch
- Remove all GRE tunnel configurations from affected systems
- Restrict local access to systems using mlxsw driver with GRE tunnels
🔍 How to Verify
Check if Vulnerable:
Check whether the system uses the mlxsw driver ('lsmod | grep mlxsw') and whether GRE tunnels exist ('ip link show type gre').
Check Version:
uname -r
Verify Fix Applied:
Check kernel version is patched: 'uname -r' should match patched version. Verify no use-after-free occurs when testing GRE deletion scenarios.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning mlxsw_sp_neigh_entry_update
- KASAN reports of use-after-free in mlxsw driver
- System crashes after GRE tunnel operations
Network Indicators:
- Unexpected network disruption on GRE tunnel interfaces
- Mellanox switch connectivity issues
SIEM Query:
search 'kernel: BUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update' OR ('kernel panic' AND 'mlxsw')
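
The log indicators above, written as an offline triage filter for saved kernel logs (an added example, not part of the original advisory). The panic rule looks back for an mlxsw line because the panic message and the driver's stack frames are logged as separate lines; the sample log, its offsets and addresses, and the WINDOW look-back distance are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage kernel log text for the log indicators listed above.
# scan_mlxsw_indicators reads log lines on stdin and prints "<LABEL><TAB><line no>":
#   KASAN_UAF    KASAN use-after-free report in mlxsw_sp_neigh_entry_update
#   KASAN_MLXSW  any other KASAN use-after-free line that mentions mlxsw
#   PANIC_MLXSW  "Kernel panic" with an mlxsw line at most WINDOW lines before it
# WINDOW (default 40) is an assumed look-back distance; tune it to your logs.
scan_mlxsw_indicators() {
    awk -v window="${WINDOW:-40}" '
        /BUG: KASAN: .*use-after-free in mlxsw_sp_neigh_entry_update/ {
            print "KASAN_UAF\t" NR; last_mlxsw = NR; next
        }
        /BUG: KASAN: .*use-after-free/ && /mlxsw/ {
            print "KASAN_MLXSW\t" NR; last_mlxsw = NR; next
        }
        # Remember the most recent line that names the driver (stack frames etc.).
        /mlxsw/ { last_mlxsw = NR }
        # A panic only counts when driver context was seen recently enough.
        /[Kk]ernel panic/ && last_mlxsw && NR - last_mlxsw <= window {
            print "PANIC_MLXSW\t" NR
        }
    '
}

# Constructed sample log: offsets, addresses, PIDs and timestamps are made up.
sample_log() {
    cat <<'EOF'
[  245.310002] BUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x2d4/0x310 [mlxsw_spectrum]
[  245.310010] Read of size 8 at addr ffff888100000000 by task ip/1234
[  245.310050]  mlxsw_sp_neigh_entry_update+0x2d4/0x310 [mlxsw_spectrum]
[  245.310090] Kernel panic - not syncing: Fatal exception
EOF
}

# Run with --demo to scan the constructed sample; otherwise pipe a log in, e.g.
#   dmesg | scan_mlxsw_indicators   (after sourcing this file)
if [ "${1:-}" = "--demo" ]; then
    sample_log | scan_mlxsw_indicators
fi
```

A panic with no mlxsw line inside the window produces no output, which keeps unrelated crashes out of the hit list.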