Impact
An error in the mlx5e XSK path inside the Linux kernel causes DMA mappings and xdp_frames to remain allocated when a transmit queue becomes full, resulting in a growing number of pending DMA allocations and unreleased memory. This memory leak can exhaust kernel memory and lead to system instability or denial-of-service. The vulnerability is a resource management violation (CWE-772).
Affected Systems
Linux kernel builds that include the mlx5e driver with the XSK path are affected. All kernel versions that compile the net/mlx5e subsystem may contain the vulnerable code; specific release ranges are not listed. Administrators should verify whether their kernel incorporates the XSK path and the unmap issue in xmit_xdp_buff().
Risk and Exploitability
The CVSS score of 7.5 indicates high severity, but the EPSS score of less than 1% shows a very low probability of widespread exploitation. The flaw does not provide remote code execution; the likely attack vector is local or privileged access that triggers the XDP transmit queue to become full, such as by flooding XDP traffic. On high-throughput networking workloads, the resulting resource exhaustion can disrupt legitimate traffic, representing a significant denial-of-service risk.
OpenCVE Enrichment