{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39768", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.127Z", "datePublished": "2025-09-11T16:56:22.984Z", "dateUpdated": "2025-09-11T16:56:22.984Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-11T16:56:22.984Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix complex rules rehash error flow\n\nMoving rules from matcher to matcher should not fail.\nHowever, if it does fail due to various reasons, the error flow\nshould allow the kernel to continue functioning (albeit with broken\nsteering rules) instead of going into series of soft lock-ups or\nsome other problematic behaviour.\n\nSimilar to the simple rules, complex rules rehash logic suffers\nfrom the same problems. This patch fixes the error flow for moving\ncomplex rules:\n - If new rule creation fails before it was even enqeued, do not\n poll for completion\n - If TIMEOUT happened while moving the rule, no point trying\n to poll for completions for other rules. Something is broken,\n completion won't come, just abort the rehash sequence.\n - If some other completion with error received, don't give up.\n Continue handling rest of the rules to minimize the damage.\n - Make sure that the first error code that was received will\n be actually returned to the caller instead of replacing it\n with the generic error code.\n\nAll the aforementioned issues stem from the same bad error flow,\nso no point fixing them one by one and leaving partially broken\ncode - fixing them in one patch."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc_complex.c"], "versions": [{"version": "17e0accac577fd6ea2090934d71a8c6f36702a26", "lessThan": "37d54bc28d092bc3b314da45d730f00e9d86ec2a", "status": "affected", "versionType": "git"}, {"version": "17e0accac577fd6ea2090934d71a8c6f36702a26", "lessThan": "4a842b1bf18a32ee0c25dd6dd98728b786a76fe4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc_complex.c"], "versions": [{"version": "6.16", "status": "affected"}, {"version": "0", "lessThan": "6.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.4", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.16.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.17-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/37d54bc28d092bc3b314da45d730f00e9d86ec2a"}, {"url": "https://git.kernel.org/stable/c/4a842b1bf18a32ee0c25dd6dd98728b786a76fe4"}], "title": "net/mlx5: HWS, fix complex rules rehash error flow", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix complex rules rehash error flow\n\nMoving rules from matcher to matcher should not fail.\nHowever, if it does fail due to various reasons, the error flow\nshould allow the kernel to continue functioning (albeit with broken\nsteering rules) instead of going into series of soft lock-ups or\nsome other problematic behaviour.\n\nSimilar to the simple rules, complex rules rehash logic suffers\nfrom the same problems. This patch fixes the error flow for moving\ncomplex rules:\n - If new rule creation fails before it was even enqeued, do not\n poll for completion\n - If TIMEOUT happened while moving the rule, no point trying\n to poll for completions for other rules. Something is broken,\n completion won't come, just abort the rehash sequence.\n - If some other completion with error received, don't give up.\n Continue handling rest of the rules to minimize the damage.\n - Make sure that the first error code that was received will\n be actually returned to the caller instead of replacing it\n with the generic error code.\n\nAll the aforementioned issues stem from the same bad error flow,\nso no point fixing them one by one and leaving partially broken\ncode - fixing them in one patch."}], "id": "CVE-2025-39768", "lastModified": "2025-09-11T17:15:42.250", "metrics": {}, "published": "2025-09-11T17:15:42.250", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/37d54bc28d092bc3b314da45d730f00e9d86ec2a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4a842b1bf18a32ee0c25dd6dd98728b786a76fe4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}