CVE-2025-39768
📋 TL;DR
This CVE addresses an error handling flaw in the Linux kernel's mlx5 network driver when rehashing complex rules. If moving rules between matchers fails, improper error flow could cause kernel soft lock-ups or problematic behavior, potentially leading to denial of service. Systems using Mellanox network hardware with affected Linux kernel versions are impacted.
💻 Affected Systems
- Linux kernel with mlx5 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel soft lock-ups causing system crashes or denial of service, potentially affecting network connectivity and system stability.
Likely Case
Degraded network performance, broken steering rules, or system instability requiring reboot.
If Mitigated
Broken steering rules but kernel continues functioning without lock-ups, maintaining basic system operation.
🎯 Exploit Status
Exploitation requires triggering specific error conditions during rule rehashing, likely requiring local access or specific network operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits 37d54bc28d092bc3b314da45d730f00e9d86ec2a and 4a842b1bf18a32ee0c25dd6dd98728b786a76fe4)
Vendor Advisory: https://git.kernel.org/stable/c/37d54bc28d092bc3b314da45d730f00e9d86ec2a
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix. 2. For distributions: Apply kernel security updates from your vendor. 3. Rebuild kernel if compiling from source with the patch applied.
🔧 Temporary Workarounds
Disable mlx5 hardware offloading
LinuxPrevents the vulnerable code path by disabling hardware steering offloading
ethtool -K <interface> hw-tc-offload off
🧯 If You Can't Patch
- Monitor system logs for kernel soft lock-up messages or network performance degradation
- Consider replacing or avoiding Mellanox network hardware until patched
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5 driver is loaded: lsmod | grep mlx5Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or check with distribution's security advisory📡 Detection & Monitoring
Log Indicators:
- Kernel soft lock-up messages in dmesg
- Network driver error messages related to mlx5 or rule rehashing
Network Indicators:
- Unexpected network performance degradation on systems with Mellanox hardware
SIEM Query:
source="kernel" AND ("soft lockup" OR "mlx5" OR "rehash")