CVE-2025-38387

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38387
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38387.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38387
Downstream
Related
Published
2025-07-25T12:53:27.945Z
Modified
2025-11-28T02:34:47.789959Z
Summary
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert

The obj_event may be loaded immediately after being inserted; then, if the list_head is not initialized, we may get a poisonous pointer. This fixes the crash below:

mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)
mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056
mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0
mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps
IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060
Mem abort info:
  ESR = 0x96000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000
[0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000
Internal error: Oops: 96000006 [#1] SMP
Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E) [last unloaded: mst_pci]
CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1
Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023
pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)
pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]
lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]
sp : ffff80001005bcf0
x29: ffff80001005bcf0 x28: 0000000000000001
x27: ffff244e0740a1d8 x26: ffff244e0740a1d0
x25: ffffda56beff5ae0 x24: ffffda56bf911618
x23: ffff244e0596a480 x22: ffff244e0596a480
x21: ffff244d8312ad90 x20: ffff244e0596a480
x19: fffffffffffffff0 x18: 0000000000000000
x17: 0000000000000000 x16: ffffda56be66d620
x15: 0000000000000000 x14: 0000000000000000
x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000040 x10: ffffda56bfcafb50
x9 : ffffda5655c25f2c x8 : 0000000000000010
x7 : 0000000000000000 x6 : ffff24545a2e24b8
x5 : 0000000000000003 x4 : ffff80001005bd28
x3 : 0000000000000000 x2 : 0000000000000000
x1 : ffff244e0596a480 x0 : ffff244d8312ad90
Call trace:
 dispatch_event_fd+0x68/0x300 [mlx5_ib]
 devx_event_notifier+0xcc/0x228 [mlx5_ib]
 atomic_notifier_call_chain+0x58/0x80
 mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]
 atomic_notifier_call_chain+0x58/0x80
 irq_int_handler+0x20/0x30 [mlx5_core]
 __handle_irq_event_percpu+0x60/0x220
 handle_irq_event_percpu+0x3c/0x90
 handle_irq_event+0x58/0x158
 handle_fasteoi_irq+0xfc/0x188
 generic_handle_irq+0x34/0x48
 ...

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38387.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7597385371425febdaa8c6a1da3625d4ffff16f5
Fixed
716b555fc0580c2aa4c2c32ae4401c7e3ad9873e
Fixed
972e968aac0dce8fe8faad54f6106de576695d8e
Fixed
00ed215f593876385451423924fe0358c556179c
Fixed
9a28377a96fb299c180dd9cf0be3b0a038a52d4e
Fixed
23a3b32a274a8d6f33480d0eff436eb100981651
Fixed
93fccfa71c66a4003b3d2fef3a38de7307e14a4e
Fixed
e8069711139249994450c214cec152b917b959e0
Fixed
8edab8a72d67742f87e9dc2e2b0cdfddda5dc29a

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.4.296
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.240
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.187
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.144
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.97
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.37
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.6