PT-2025-4343 · Linux+5 · Linux Kernel+5
Published: 2025-01-21 · Updated: 2025-10-03
CVE-2025-21662
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability in the net/mlx5 component of the Linux kernel has been resolved. When the cmd_alloc_index() function fails, the cmd_work_handler() function needs to complete the ent->slotted variable before returning early. If this does not happen, the task that issued the command may hang. The task can then stay blocked for more than 120 seconds, which results in a hung task message.
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue.
As a temporary workaround, consider disabling the cmd_work_handler() function until a patch is available.
Restrict access to the net/mlx5 component to minimize the risk of exploitation.
Avoid using the cmd_alloc_index() function in the affected kernel version until the issue is resolved.
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
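
The symptom in the Description (a task blocked for more than 120 seconds) can be triaged from kernel logs. The following is an added example, not part of the original advisory or the kernel project: it flags hung-task reports whose call trace passes through the mlx5 driver and checks a kernel release against the fixed version named above. It assumes the hung-task detector's usual log format and the module name mlx5_core; the sample log lines are constructed.

```python
import re

# Fixed release as stated in the advisory; other stable branches are not covered here.
FIXED = (6, 6, 74)
HUNG_RE = re.compile(
    r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")

# Constructed sample log (not captured from a real host).
SAMPLE = """\
[ 7412.101] INFO: task kworker/u96:2:8137 blocked for more than 120 seconds.
[ 7412.102] Call Trace:
[ 7412.103]  <TASK>
[ 7412.104]  wait_for_completion+0x88/0x100
[ 7412.105]  cmd_exec+0x3c1/0x8d0 [mlx5_core]
[ 7412.106]  </TASK>
[ 7533.201] INFO: task rsync:9921 blocked for more than 120 seconds.
[ 7533.202] Call Trace:
[ 7533.203]  <TASK>
[ 7533.204]  io_schedule+0x46/0x80
[ 7533.205]  </TASK>
[ 7540.000] mlx5_core 0000:3b:00.0: unrelated driver message
""".splitlines()

def predates_fix(release):
    """True if a `uname -r` style string (e.g. '6.6.58-generic') is below FIXED."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(x or 0) for x in m.groups()) < FIXED

def mlx5_hung_tasks(lines):
    """Return (comm, pid, seconds) for hung-task reports with an mlx5_core frame."""
    hits, current = [], None
    for line in lines:
        m = HUNG_RE.search(line)
        if m:
            current = (m["comm"], int(m["pid"]), int(m["secs"]))
        elif "</TASK>" in line:
            current = None      # trace ended; later lines belong to no report
        elif current and "[mlx5_core]" in line:
            hits.append(current)
            current = None      # record each report once
    return hits

if __name__ == "__main__":
    for comm, pid, secs in mlx5_hung_tasks(SAMPLE):
        print(f"hung task in mlx5 path: {comm} (pid {pid}), blocked > {secs}s")
    print("kernel predates fix:", predates_fix("6.6.58-generic"))
```

A match only shows that a task hung inside the mlx5 command path; confirming this specific bug still requires checking the running kernel against the fixed version.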