PT-2025-40643 · Linux +2 · Linux Kernel +2

Published 2025-10-04 · Updated 2025-10-07 · CVE-2025-39947

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The mlx5_uplink_netdev_get() function in the Linux kernel does not properly validate a netdevice pointer before use, potentially leading to a kernel panic when the device is unbound. Specifically, the function retrieves the uplink netdevice pointer from mdev->mlx5e_res.uplink_netdev, but this pointer can be cleared during device unbinding. This results in a NULL pointer dereference when the function attempts to access the invalid memory location. The call trace indicates the issue occurs within the mlx5_core module, specifically in the mlx5e_vport_rep_load function.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-39947
ECHO-69BE-CF4B-9922

Affected Products

Debian
Linux Kernel
Mlx5E