CVE-2025-39947

Source
https://cve.org/CVERecord?id=CVE-2025-39947
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39947.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39947
Published
2025-10-04T07:31:08.636Z
Modified
2026-03-12T02:16:37.019479Z
Summary
net/mlx5e: Harden uplink netdev access against device unbind
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Harden uplink netdev access against device unbind

The function mlx5_uplink_netdev_get() gets the uplink netdevice pointer from mdev->mlx5e_res.uplink_netdev. However, the netdevice can be removed and its pointer cleared when unbound from the mlx5_core.eth driver. This results in a NULL pointer, causing a kernel panic.

 BUG: unable to handle page fault for address: 0000000000001300
 at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]
 Call Trace:
  <TASK>
  mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]
  esw_offloads_enable+0x593/0x910 [mlx5_core]
  mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]
  mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]
  devlink_nl_eswitch_set_doit+0x60/0xd0
  genl_family_rcv_msg_doit+0xe0/0x130
  genl_rcv_msg+0x183/0x290
  netlink_rcv_skb+0x4b/0xf0
  genl_rcv+0x24/0x40
  netlink_unicast+0x255/0x380
  netlink_sendmsg+0x1f3/0x420
  __sock_sendmsg+0x38/0x60
  __sys_sendto+0x119/0x180
  do_syscall_64+0x53/0x1d0
  entry_SYSCALL_64_after_hwframe+0x4b/0x53

Ensure the pointer is valid before use by checking it for NULL. If it is valid, immediately call netdev_hold() to take a reference, preventing the netdevice from being freed while it is in use.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39947.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7a9fb35e8c3a67145fca262c304de65cb2f83abf
Fixed
2cb17c88edd3a1c7aa6bc880dcdb35a6866fcb2e
Fixed
d1f3db4e7a3be29fc17f01850f162363f919370d
Fixed
8df354eb2dd63d111ed5ae2e956e0dbb22bcf93b
Fixed
6b4be64fd9fec16418f365c2d8e47a7566e9eba5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39947.json"