CVE-2025-38151 (GCVE-0-2025-38151)
Vulnerability from cvelistv5
Published
2025-07-03 08:35
Modified
2025-07-28 04:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
The cited commit fixed a crash when cma_netevent_callback was called for
a cma_id while work on that id from a previous call had not yet started.
The work item was re-initialized in the second call, which corrupted the
work item currently in the work queue.
However, it left a problem when queue_work fails (because the item is
still pending in the work queue from a previous call). In this case,
cma_id_put (which is called in the work handler) is therefore not
called. This results in a userspace process hang (zombie process).
Fix this by calling cma_id_put() if queue_work fails.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 51003b2c872c63d28bcf5fbcc52cf7b05615f7b7 Version: c2b169fc7a12665d8a675c1ff14bca1b9c63fb9a Version: d23fd7a539ac078df119707110686a5b226ee3bb Version: 45f5dcdd049719fb999393b30679605f16ebce14 Version: 45f5dcdd049719fb999393b30679605f16ebce14 Version: b172a4a0de254f1fcce7591833a9a63547c2f447 |
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ac40736c8c4255d8417b937c9715b193f4a87b3",
"status": "affected",
"version": "51003b2c872c63d28bcf5fbcc52cf7b05615f7b7",
"versionType": "git"
},
{
"lessThan": "ac7897c0124066b9705ffca252a3662d54fc0c9b",
"status": "affected",
"version": "c2b169fc7a12665d8a675c1ff14bca1b9c63fb9a",
"versionType": "git"
},
{
"lessThan": "02e45168e0fd6fdc6f8f7c42c4b500857aa5efb0",
"status": "affected",
"version": "d23fd7a539ac078df119707110686a5b226ee3bb",
"versionType": "git"
},
{
"lessThan": "8b05aa3692e45b8249379dc52b14acc6a104d2e5",
"status": "affected",
"version": "45f5dcdd049719fb999393b30679605f16ebce14",
"versionType": "git"
},
{
"lessThan": "92a251c3df8ea1991cd9fe00f1ab0cfce18d7711",
"status": "affected",
"version": "45f5dcdd049719fb999393b30679605f16ebce14",
"versionType": "git"
},
{
"status": "affected",
"version": "b172a4a0de254f1fcce7591833a9a63547c2f447",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.15"
},
{
"lessThan": "6.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.142",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.142",
"versionStartIncluding": "6.1.135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.94",
"versionStartIncluding": "6.6.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.34",
"versionStartIncluding": "6.12.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.3",
"versionStartIncluding": "6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T04:13:40.970Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ac40736c8c4255d8417b937c9715b193f4a87b3"
},
{
"url": "https://git.kernel.org/stable/c/ac7897c0124066b9705ffca252a3662d54fc0c9b"
},
{
"url": "https://git.kernel.org/stable/c/02e45168e0fd6fdc6f8f7c42c4b500857aa5efb0"
},
{
"url": "https://git.kernel.org/stable/c/8b05aa3692e45b8249379dc52b14acc6a104d2e5"
},
{
"url": "https://git.kernel.org/stable/c/92a251c3df8ea1991cd9fe00f1ab0cfce18d7711"
}
],
"title": "RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38151",
"datePublished": "2025-07-03T08:35:55.879Z",
"dateReserved": "2025-04-16T04:51:23.989Z",
"dateUpdated": "2025-07-28T04:13:40.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38151\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-03T09:15:30.093\",\"lastModified\":\"2025-07-03T15:13:53.147\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\\n\\nThe cited commit fixed a crash when cma_netevent_callback was called for\\na cma_id while work on that id from a previous call had not yet started.\\nThe work item was re-initialized in the second call, which corrupted the\\nwork item currently in the work queue.\\n\\nHowever, it left a problem when queue_work fails (because the item is\\nstill pending in the work queue from a previous call). In this case,\\ncma_id_put (which is called in the work handler) is therefore not\\ncalled. This results in a userspace process hang (zombie process).\\n\\nFix this by calling cma_id_put() if queue_work fails.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/cma: Se corrige el bloqueo cuando cma_netevent_callback no puede ejecutar queue_work La confirmaci\u00f3n citada corrigi\u00f3 un bloqueo cuando se llamaba a cma_netevent_callback para un cma_id mientras que el trabajo en ese id de una llamada anterior a\u00fan no hab\u00eda comenzado. El elemento de trabajo se reinicializ\u00f3 en la segunda llamada, lo que corrompi\u00f3 el elemento de trabajo que se encontraba actualmente en la cola de trabajos. Sin embargo, dej\u00f3 un problema cuando queue_work falla (porque el elemento sigue pendiente en la cola de trabajos de una llamada anterior). En este caso, por lo tanto, cma_id_put (que se llama en el controlador de trabajos) no se llama. Esto da como resultado un bloqueo del proceso del espacio de usuario (proceso zombi). Arregle esto llamando a cma_id_put() si queue_work falla.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/02e45168e0fd6fdc6f8f7c42c4b500857aa5efb0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1ac40736c8c4255d8417b937c9715b193f4a87b3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8b05aa3692e45b8249379dc52b14acc6a104d2e5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/92a251c3df8ea1991cd9fe00f1ab0cfce18d7711\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac7897c0124066b9705ffca252a3662d54fc0c9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…