CVE-2025-38372

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc7 for upstream debug 2025 03 18 15 01

Description A flaw exists in the Linux kernel's RDMA/mlx5 component related to unsafe xarray access during implicit ODP handling. Specifically, the xa store() and xa erase() functions were used without the necessary locking mechanisms, leading to a lockdep warning and potential RCU usage issues. This could potentially lead to system instability.

Recommendations Update to Linux kernel version 6.14.0-rc7 for upstream debug 2025 03 18 15 01 or a later version to address this issue.

Exploit

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2025-09139

CVE-2025-38372

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-38372

Weakness Enumeration

Related Identifiers

Affected Products

References · 1465