PT-2025-8844 · Linux+5 · Linux Kernel+5

Published

2025-01-19

·

Updated

2026-05-26

·

CVE-2025-21732

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc7+
Description A race condition in the Linux kernel's RDMA/mlx5 module can lead to a CQE error, causing the UMR QP to enter an error state. This occurs when the mlx5 ib dereg mr() flow and mlx5 ib invalidate range() are triggered concurrently, resulting in the lkey being freed and then accessed again, leading to an error. The issue is resolved by acquiring the umem odp->umem mutex lock as part of the mlx5 revoke mr() scope and setting umem odp->private to NULL upon successful revoke.
Recommendations For Linux kernel versions prior to 6.12.0-rc7+, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the mlx5r umr update xlt() function and the umem odp->umem mutex lock to minimize the risk of exploitation. Avoid using the lkey variable in the affected API endpoints until the issue is resolved.

Exploit

Fix

Race Condition

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2025:20095
AZL-62669
AZL-68967
BDU:2026-03287
CVE-2025-21732
ECHO-4B2E-2697-F324
OESA-2025-1285
OESA-2025-1286
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
OPENSUSE-SU-2025_1195-1
RHSA-2025:20095
SUSE-SU-2025:01919-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1195-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
SUSE-SU-2025_1195-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu