PT-2025-27961 · Linux+5 · Linux Kernel+5
Published: 2025-06-13 · Updated: 2026-02-20
CVE-2025-38186
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.15.0-rc1
Description:
A vulnerability in the Linux kernel has been resolved, related to the bnxt_en driver. The issue arises from the double invocation of the bnxt_ulp_stop() and bnxt_ulp_start() functions, which can cause the RoCE driver's aux driver .suspend() method to be invoked twice, leading to a kernel NULL pointer dereference. This occurs when bnxt_ulp_restart() is called after bnxt_ulp_stop() has been invoked. The vulnerability can result in a system crash.
Recommendations:
To resolve the issue, apply the patch that fixes the double invocation of the bnxt_ulp_stop() and bnxt_ulp_start() functions. Specifically, check the BNXT_EN_FLAG_ULP_STOPPED flag and do not proceed if it is already set. Additionally, clear the BNXT_EN_FLAG_ULP_STOPPED flag after taking the mutex in bnxt_ulp_start() to avoid any race condition. Only proceed in bnxt_ulp_start() if the BNXT_EN_FLAG_ULP_STOPPED flag is set.
Exploit
Fix
NULL Pointer Dereference
Double Free
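The guard described under Recommendations, as an added userspace model in C; it is not the kernel patch or any bnxt_en source. Only the function and flag names come from this advisory. The struct layout, the counter, and treating a restart as a stop followed by a start are assumptions of the model.

```c
/* Userspace model only: function and flag names follow the advisory; the
 * struct, the counter and "restart = stop + start" are assumptions. */
#include <pthread.h>
#include <stdio.h>
#define BNXT_EN_FLAG_ULP_STOPPED 0x1u

struct en_dev {
    pthread_mutex_t lock;  /* stand-in for the mutex the advisory mentions */
    unsigned int flags;
    int ctx_storage;
    int *ctx;              /* aux-driver state torn down by .suspend() */
    int null_derefs;       /* times .suspend() ran with ctx == NULL */
};

static void aux_suspend(struct en_dev *d) {
    if (!d->ctx) { d->null_derefs++; return; }  /* the kernel would oops here */
    *d->ctx = 0;
    d->ctx = NULL;
}
static void aux_resume(struct en_dev *d) { d->ctx = &d->ctx_storage; *d->ctx = 1; }

static void ulp_stop(struct en_dev *d, int guarded) {
    pthread_mutex_lock(&d->lock);
    if (!guarded || !(d->flags & BNXT_EN_FLAG_ULP_STOPPED)) {
        d->flags |= BNXT_EN_FLAG_ULP_STOPPED;
        aux_suspend(d);
    }   /* guarded and already stopped: do not proceed */
    pthread_mutex_unlock(&d->lock);
}

static void ulp_start(struct en_dev *d, int guarded) {
    pthread_mutex_lock(&d->lock);
    if (!guarded || (d->flags & BNXT_EN_FLAG_ULP_STOPPED)) {
        d->flags &= ~BNXT_EN_FLAG_ULP_STOPPED;  /* cleared only under the mutex */
        aux_resume(d);
    }
    pthread_mutex_unlock(&d->lock);
}

/* stop, then restart: returns how often .suspend() hit a NULL pointer */
int stop_then_restart(int guarded) {
    struct en_dev d = { .lock = PTHREAD_MUTEX_INITIALIZER };
    aux_resume(&d);
    ulp_stop(&d, guarded);   /* explicit stop */
    ulp_stop(&d, guarded);   /* restart, stop half */
    ulp_start(&d, guarded);  /* restart, start half */
    return d.null_derefs;
}
int main(void) {
    printf("unguarded=%d guarded=%d\n", stop_then_restart(0), stop_then_restart(1));
    return 0;
}
```

The unguarded path reaches the suspend handler a second time with the state already torn down, while the guarded path skips the second stop and resumes once.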
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu