CVE-2025-21892

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc7+

Description The issue is related to the recovery flow of the UMR QP in the Linux kernel. A race condition can occur when the software fails to wait for all outstanding WRs to complete before transitioning the QP to the RESET state. This can cause the firmware to skip sending some flushed CQEs with errors, resulting in lost CQEs and tasks becoming stuck. The patch resolves this issue by sending a final WR that serves as a barrier before moving the QP state to RESET.

Recommendations For Linux kernel versions prior to 6.12.0-rc7+, apply the patch that fixes the recovery flow of the UMR QP to resolve the issue. As a temporary workaround, consider disabling the mlx5r umr post send wait function until a patch is available. Restrict access to the vulnerable mlx5 ib module to minimize the risk of exploitation. Avoid using the rdma restrack put function in the affected API endpoint until the issue is resolved.