CVE-2025-38161

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-54.el10.aarch64

Description: A vulnerability in the Linux kernel has been resolved, specifically in the RDMA/mlx5 component. The issue occurs upon RQ destruction when the firmware command fails, causing some software resources to be cleaned regardless of the failure. This can lead to a use-after-free error, resulting in a kernel trace. The vulnerability is related to the refcount warn saturate function and can cause a crash.

Recommendations: To resolve the issue, update the Linux kernel to a version later than 6.12.0-54.el10.aarch64. As a temporary workaround, consider disabling the mlx5 ib module until a patch is available. Restrict access to the vulnerable RDMA/mlx5 component to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.

Note: At the moment, there is no information about other versions that contain a fix for this vulnerability.