CVE-2025-68209

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the mlx5 driver related to the creation of completion queues (CQs). Currently, CQs without a completion function are assigned the mlx5 add cq to tasklet function by default, which is intended only for user CQs created through the mlx5 ib driver. Additionally, the default CQ creation flow can leave a valid value in the CQ's arm db field, potentially allowing firmware to send interrupts to polling-only CQs. These factors could allow a polling-only kernel CQ to be triggered by an event queue (EQ) interrupt and call a completion function intended for user CQs, resulting in a null pointer exception. The issue is addressed by adding defaults to the CQ creation flow, including a dummy completion function and an invalid command sequence number for kernel CQs. Callers of mlx5 core create cq are responsible for configuring the completion function and arming the CQ as needed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.