github - ghsa-9vj3-c3f5-qhqx

GHSA-9VJ3-C3F5-QHQX

Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-11-25 21:32

Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: HWS, fix complex rules rehash error flow

Moving rules from matcher to matcher should not fail. However, if it does fail due to various reasons, the error flow should allow the kernel to continue functioning (albeit with broken steering rules) instead of going into series of soft lock-ups or some other problematic behaviour.

Similar to the simple rules, complex rules rehash logic suffers from the same problems. This patch fixes the error flow for moving complex rules: - If new rule creation fails before it was even enqeued, do not poll for completion - If TIMEOUT happened while moving the rule, no point trying to poll for completions for other rules. Something is broken, completion won't come, just abort the rehash sequence. - If some other completion with error received, don't give up. Continue handling rest of the rules to minimize the damage. - Make sure that the first error code that was received will be actually returned to the caller instead of replacing it with the generic error code.

All the aforementioned issues stem from the same bad error flow, so no point fixing them one by one and leaving partially broken code - fixing them in one patch.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-11T17:15:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix complex rules rehash error flow\n\nMoving rules from matcher to matcher should not fail.\nHowever, if it does fail due to various reasons, the error flow\nshould allow the kernel to continue functioning (albeit with broken\nsteering rules) instead of going into series of soft lock-ups or\nsome other problematic behaviour.\n\nSimilar to the simple rules, complex rules rehash logic suffers\nfrom the same problems. This patch fixes the error flow for moving\ncomplex rules:\n - If new rule creation fails before it was even enqeued, do not\n   poll for completion\n - If TIMEOUT happened while moving the rule, no point trying\n   to poll for completions for other rules. Something is broken,\n   completion won\u0027t come, just abort the rehash sequence.\n - If some other completion with error received, don\u0027t give up.\n   Continue handling rest of the rules to minimize the damage.\n - Make sure that the first error code that was received will\n   be actually returned to the caller instead of replacing it\n   with the generic error code.\n\nAll the aforementioned issues stem from the same bad error flow,\nso no point fixing them one by one and leaving partially broken\ncode - fixing them in one patch.",
  "id": "GHSA-9vj3-c3f5-qhqx",
  "modified": "2025-11-25T21:32:04Z",
  "published": "2025-09-11T18:35:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39768"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37d54bc28d092bc3b314da45d730f00e9d86ec2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a842b1bf18a32ee0c25dd6dd98728b786a76fe4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-39768 (GCVE-0-2025-39768)

Vulnerability from cvelistv5 – Published: 2025-09-11 16:56 – Updated: 2025-09-29 05:59

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix complex rules rehash error flow Moving rules from matcher to matcher should not fail. However, if it does fail due to various reasons, the error flow should allow the kernel to continue functioning (albeit with broken steering rules) instead of going into series of soft lock-ups or some other problematic behaviour. Similar to the simple rules, complex rules rehash logic suffers from the same problems. This patch fixes the error flow for moving complex rules: - If new rule creation fails before it was even enqeued, do not poll for completion - If TIMEOUT happened while moving the rule, no point trying to poll for completions for other rules. Something is broken, completion won't come, just abort the rehash sequence. - If some other completion with error received, don't give up. Continue handling rest of the rules to minimize the damage. - Make sure that the first error code that was received will be actually returned to the caller instead of replacing it with the generic error code. All the aforementioned issues stem from the same bad error flow, so no point fixing them one by one and leaving partially broken code - fixing them in one patch.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/37d54bc28d092bc3b…
	https://git.kernel.org/stable/c/4a842b1bf18a32ee0…

Impacted products

Vendor

Product

Version

Linux

Affected: 17e0accac577fd6ea2090934d71a8c6f36702a26 , < 37d54bc28d092bc3b314da45d730f00e9d86ec2a (git)
Affected: 17e0accac577fd6ea2090934d71a8c6f36702a26 , < 4a842b1bf18a32ee0c25dd6dd98728b786a76fe4 (git)

Linux

Affected: 6.16
Unaffected: 0 , < 6.16 (semver)
Unaffected: 6.16.4 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc_complex.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "37d54bc28d092bc3b314da45d730f00e9d86ec2a",
              "status": "affected",
              "version": "17e0accac577fd6ea2090934d71a8c6f36702a26",
              "versionType": "git"
            },
            {
              "lessThan": "4a842b1bf18a32ee0c25dd6dd98728b786a76fe4",
              "status": "affected",
              "version": "17e0accac577fd6ea2090934d71a8c6f36702a26",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc_complex.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.16"
            },
            {
              "lessThan": "6.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix complex rules rehash error flow\n\nMoving rules from matcher to matcher should not fail.\nHowever, if it does fail due to various reasons, the error flow\nshould allow the kernel to continue functioning (albeit with broken\nsteering rules) instead of going into series of soft lock-ups or\nsome other problematic behaviour.\n\nSimilar to the simple rules, complex rules rehash logic suffers\nfrom the same problems. This patch fixes the error flow for moving\ncomplex rules:\n - If new rule creation fails before it was even enqeued, do not\n   poll for completion\n - If TIMEOUT happened while moving the rule, no point trying\n   to poll for completions for other rules. Something is broken,\n   completion won\u0027t come, just abort the rehash sequence.\n - If some other completion with error received, don\u0027t give up.\n   Continue handling rest of the rules to minimize the damage.\n - Make sure that the first error code that was received will\n   be actually returned to the caller instead of replacing it\n   with the generic error code.\n\nAll the aforementioned issues stem from the same bad error flow,\nso no point fixing them one by one and leaving partially broken\ncode - fixing them in one patch."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:59:01.618Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/37d54bc28d092bc3b314da45d730f00e9d86ec2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a842b1bf18a32ee0c25dd6dd98728b786a76fe4"
        }
      ],
      "title": "net/mlx5: HWS, fix complex rules rehash error flow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39768",
    "datePublished": "2025-09-11T16:56:22.984Z",
    "dateReserved": "2025-04-16T07:20:57.127Z",
    "dateUpdated": "2025-09-29T05:59:01.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-9VJ3-C3F5-QHQX

CVE-2025-39768 (GCVE-0-2025-39768)

Tags

Sightings

Nomenclature