PT-2025-18453 · Linux+5 · Linux Kernel+5
Published: 2025-04-09 · Updated: 2026-04-20 · CVE-2025-37772
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fixed version
Description
A vulnerability in the Linux kernel has been resolved, related to the RDMA/cma component. The issue occurs when multiple calls to cma_netevent_callback() are made in quick succession, causing the overwrite of previously queued work items for the same rdma_cm_id. This can lead to a kernel crash. The problem is due to the reuse of the struct work_struct net_work member in struct rdma_cm_id for enqueuing cma_netevent_work_handler()s onto cma_wq. Analysis using drgn indicates that the work item was likely overwritten.
Recommendations
To resolve the issue, update the Linux kernel to a version where the fix for the RDMA/cma workqueue crash in cma_netevent_work_handler has been applied. Specifically, the fix involves moving the INIT_WORK() to __rdma_create_id(), ensuring that it does not race with any existing queue_work() or its worker thread. As a temporary workaround, consider disabling the cma_netevent_work_handler() function until a patch is available.
Exploit
Fix
NULL Pointer Dereference
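The overwrite described in the Description, and the effect of initializing the work item only once as in the Recommendations, shown as an added example: a simplified single-threaded userspace model, not kernel code and not taken from the fix. The names model_init_work, model_queue_work, model_queue_len and run_events are hypothetical, and the list plus pending flag are assumptions standing in for the workqueue internals.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, constructed for illustration; all names are hypothetical. */
struct node { struct node *next, *prev; };
struct work { struct node entry; bool pending; };

static void node_init(struct node *n) { n->next = n->prev = n; }

/* Models INIT_WORK(): unconditionally resets linkage and the pending flag. */
static void model_init_work(struct work *w) { node_init(&w->entry); w->pending = false; }

/* Models queue_work(): tail-insert, refused if the item is already pending. */
static bool model_queue_work(struct node *wq, struct work *w) {
    if (w->pending) return false;
    w->pending = true;
    w->entry.prev = wq->prev;
    w->entry.next = wq;
    wq->prev->next = &w->entry;
    wq->prev = &w->entry;
    return true;
}

/* Count queued items, checking every back-link; -1 means the list is corrupt. */
static int model_queue_len(const struct node *wq) {
    const struct node *p = wq;
    for (int n = 0; n < 8; n++, p = p->next) {
        if (p->next->prev != p) return -1;
        if (p->next == wq) return n;
    }
    return -1;
}

/* init_each_event=true models the pre-fix callback (init, then queue, on every
 * event); false models the fix (init once at creation, events only queue).
 * No worker runs between events, i.e. the events arrive in quick succession. */
static int run_events(int events, bool init_each_event) {
    struct node wq; struct work net_work;
    node_init(&wq);
    model_init_work(&net_work);                 /* creation-time init */
    for (int i = 0; i < events; i++) {
        if (init_each_event) model_init_work(&net_work);
        model_queue_work(&wq, &net_work);
    }
    return model_queue_len(&wq);
}

int main(void) {
    printf("init per event:  %d\n", run_events(2, true));
    printf("init at create:  %d\n", run_events(2, false));
    return 0;
}
```

In the model, the second re-initialization clears the pending flag of an item that is still linked into the queue, so it is inserted a second time and the list no longer walks back to its head; with a single creation-time initialization the second queue attempt is refused and exactly one item stays queued.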
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu