Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75342.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-75342
Upstream
Published
2025-10-04T08:15:47Z
Modified
2026-04-01T05:22:50.977524Z
Summary
CVE-2025-39947 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Harden uplink netdev access against device unbind

The function mlx5_uplink_netdev_get() gets the uplink netdevice pointer from mdev->mlx5e_res.uplink_netdev. However, the netdevice can be removed and its pointer cleared when unbound from the mlx5_core.eth driver. This results in a NULL pointer, causing a kernel panic.

BUG: unable to handle page fault for address: 0000000000001300
at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]
Call Trace:
 <TASK>
 mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]
 esw_offloads_enable+0x593/0x910 [mlx5_core]
 mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]
 mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]
 devlink_nl_eswitch_set_doit+0x60/0xd0
 genl_family_rcv_msg_doit+0xe0/0x130
 genl_rcv_msg+0x183/0x290
 netlink_rcv_skb+0x4b/0xf0
 genl_rcv+0x24/0x40
 netlink_unicast+0x255/0x380
 netlink_sendmsg+0x1f3/0x420
 __sock_sendmsg+0x38/0x60
 __sys_sendto+0x119/0x180
 do_syscall_64+0x53/0x1d0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Ensure the pointer is valid before use by checking it for NULL. If it is valid, immediately call netdev_hold() to take a reference, preventing the netdevice from being freed while it is in use.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
5.15.200.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75342.json"