CVE-2025-38020
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38020
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38020.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38020
- Downstream
- Related
- Published
- 2025-06-18T09:28:27Z
- Modified
- 2025-10-18T02:12:19.867239Z
- Summary
- net/mlx5e: Disable MACsec offload for uplink representor profile
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Disable MACsec offload for uplink representor profile
MACsec offload is not supported in switchdev mode for uplink representors. When switching to the uplink representor profile, the MACsec offload feature must be cleared from the netdevice's features.
If left enabled, attempts to add offloads result in a null pointer dereference, as the uplink representor does not support MACsec offload even though the feature bit remains set.
Clear NETIFFHWMACSEC in mlx5efixuplinkrep_features().
Kernel log:
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4forupstreamdebug202503021735 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:mutexlock+0x128/0x1dd0 Code: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff RSP: 0018:ffff888147a4f160 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078 RBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000 FS: 00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 Call Trace: <TASK> ? dieaddr+0x3d/0xa0 ? excgeneralprotection+0x144/0x220 ? asmexcgeneralprotection+0x22/0x30 ? mlx5emacsecaddsecy+0xf9/0x700 [mlx5core] ? _mutexlock+0x128/0x1dd0 ? lockdepsetlockcmpfn+0x190/0x190 ? mlx5emacsecaddsecy+0xf9/0x700 [mlx5core] ? mutexlockionested+0x1ae0/0x1ae0 ? lockacquire+0x1c2/0x530 ? macsecupdoffload+0x145/0x380 ? lockdephardirqsonprepare+0x400/0x400 ? kasansavestack+0x30/0x40 ? kasansavestack+0x20/0x40 ? kasansavetrack+0x10/0x30 ? _kasankmalloc+0x77/0x90 ? _kmallocnoprof+0x249/0x6b0 ? genlfamilyrcvmsgattrsparse.constprop.0+0xb5/0x240 ? mlx5emacsecaddsecy+0xf9/0x700 [mlx5core] mlx5emacsecaddsecy+0xf9/0x700 [mlx5core] ? mlx5emacsecaddrxsa+0x11a0/0x11a0 [mlx5core] macsecupdateoffload+0x26c/0x820 ? macsecsetmacaddress+0x4b0/0x4b0 ? lockdephardirqsonprepare+0x284/0x400 ? _rawspinunlockirqrestore+0x47/0x50 macsecupdoffload+0x2c8/0x380 ? macsecupdateoffload+0x820/0x820 ? _nlaparse+0x22/0x30 ? genlfamilyrcvmsgattrsparse.constprop.0+0x15e/0x240 genlfamilyrcvmsgdoit+0x1cc/0x2a0 ? genlfamilyrcvmsgattrsparse.constprop.0+0x240/0x240 ? capcapable+0xd4/0x330 genlrcvmsg+0x3ea/0x670 ? genlfamilyrcvmsgdumpit+0x2a0/0x2a0 ? lockdepsetlockcmpfn+0x190/0x190 ? macsecupdateoffload+0x820/0x820 netlinkrcvskb+0x12b/0x390 ? genlfamilyrcvmsgdumpit+0x2a0/0x2a0 ? netlinkack+0xd80/0xd80 ? rwsemdownreadslowpath+0xf90/0xf90 ? netlinkdelivertap+0xcd/0xac0 ? netlinkdelivertap+0x155/0xac0 ? _copyfromiter+0x1bb/0x12c0 genlrcv+0x24/0x40 netlinkunicast+0x440/0x700 ? netlinkattachskb+0x760/0x760 ? lockacquire+0x1c2/0x530 ? _mightfault+0xbb/0x170 netlinksendmsg+0x749/0xc10 ? netlinkunicast+0x700/0x700 ? _mightfault+0xbb/0x170 ? netlinkunicast+0x700/0x700 _socksendmsg+0xc5/0x190 syssendmsg+0x53f/0x760 ? importiovec+0x7/0x10 ? kernelsendmsg+0x30/0x30 ? copymsghdr+0x3c0/0x3c0 ? filterirqstacks+0x90/0x90 ? stackdepotsaveflags+0x28/0xa30 _syssen ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d
- https://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598
- https://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325
- https://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143
- https://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ff0ac5be1446920d71bdce5547f0d8476e280ffFixed1e577aeb51e9deba4f2c10edfcb07cb3cb406598
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ff0ac5be1446920d71bdce5547f0d8476e280ffFixedb48a47e137cedfd79655accaeeea6b296ad0b9e1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ff0ac5be1446920d71bdce5547f0d8476e280ffFixed1f80e6ff026041721d8089da8c269b1963628325
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ff0ac5be1446920d71bdce5547f0d8476e280ffFixed1a69d53922c1221351739f17837d38e317234e5d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ff0ac5be1446920d71bdce5547f0d8476e280ffFixed588431474eb7572e57a927fa8558c9ba2f8af143
Affected versions
v6.*
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2025-38020-1d1fabf1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f80e6ff026041721d8089da8c269b1963628325",
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"82429545302264881771484234609987936534",
"292233636203126675327427674550263763275",
"135770064274965771655315099989894641354"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2025-38020-1df44af5",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f80e6ff026041721d8089da8c269b1963628325",
"signature_version": "v1",
"target": {
"function": "mlx5e_fix_uplink_rep_features",
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"function_hash": "121662615493337875580881895516695211514",
"length": 847.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2025-38020-458d26dd",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b48a47e137cedfd79655accaeeea6b296ad0b9e1",
"signature_version": "v1",
"target": {
"function": "mlx5e_fix_uplink_rep_features",
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"function_hash": "121662615493337875580881895516695211514",
"length": 847.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2025-38020-48c8b121",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@588431474eb7572e57a927fa8558c9ba2f8af143",
"signature_version": "v1",
"target": {
"function": "mlx5e_fix_uplink_rep_features",
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"function_hash": "121662615493337875580881895516695211514",
"length": 847.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2025-38020-4b7b1439",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a69d53922c1221351739f17837d38e317234e5d",
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"82429545302264881771484234609987936534",
"292233636203126675327427674550263763275",
"135770064274965771655315099989894641354"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2025-38020-590849ca",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e577aeb51e9deba4f2c10edfcb07cb3cb406598",
"signature_version": "v1",
"target": {
"function": "mlx5e_fix_uplink_rep_features",
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"function_hash": "121662615493337875580881895516695211514",
"length": 847.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2025-38020-5a6394c6",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b48a47e137cedfd79655accaeeea6b296ad0b9e1",
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"82429545302264881771484234609987936534",
"292233636203126675327427674550263763275",
"135770064274965771655315099989894641354"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2025-38020-93c85bd3",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a69d53922c1221351739f17837d38e317234e5d",
"signature_version": "v1",
"target": {
"function": "mlx5e_fix_uplink_rep_features",
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"function_hash": "121662615493337875580881895516695211514",
"length": 847.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2025-38020-c025d3dc",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@588431474eb7572e57a927fa8558c9ba2f8af143",
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"82429545302264881771484234609987936534",
"292233636203126675327427674550263763275",
"135770064274965771655315099989894641354"
]
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2025-38020-d872e558",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e577aeb51e9deba4f2c10edfcb07cb3cb406598",
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"82429545302264881771484234609987936534",
"292233636203126675327427674550263763275",
"135770064274965771655315099989894641354"
]
},
"deprecated": false
}
]