{"id":"CVE-2025-38440","summary":"net/mlx5e: Fix race between DIM disable and net_dim()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race between DIM disable and net_dim()\n\nThere's a race between disabling DIM and NAPI callbacks using the dim\npointer on the RQ or SQ.\n\nIf NAPI checks the DIM state bit and sees it still set, it assumes\n`rq-\u003edim` or `sq-\u003edim` is valid. But if DIM gets disabled right after\nthat check, the pointer might already be set to NULL, leading to a NULL\npointer dereference in net_dim().\n\nFix this by calling `synchronize_net()` before freeing the DIM context.\nThis ensures all in-progress NAPI callbacks are finished before the\npointer is cleared.\n\nKernel log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:net_dim+0x23/0x190\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? common_interrupt+0xf/0xa0\n ? sysvec_call_function_single+0xb/0x90\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? net_dim+0x23/0x190\n ? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]\n ? sysvec_apic_timer_interrupt+0xb/0x90\n mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]\n mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]\n ? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]\n busy_poll_stop+0xa2/0x200\n ? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]\n ? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]\n __napi_busy_loop+0x345/0x3b0\n ? sysvec_call_function_single+0xb/0x90\n ? asm_sysvec_call_function_single+0x16/0x20\n ? sysvec_apic_timer_interrupt+0xb/0x90\n ? pcpu_free_area+0x1e4/0x2e0\n napi_busy_loop+0x11/0x20\n xsk_recvmsg+0x10c/0x130\n sock_recvmsg+0x44/0x70\n __sys_recvfrom+0xbc/0x130\n ? __schedule+0x398/0x890\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n...\n---[ end trace 0000000000000000 ]---\n...\n---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---","modified":"2026-03-20T12:42:51.331001Z","published":"2025-07-25T15:27:19.447Z","related":["SUSE-SU-2025:03290-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38440.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2bc6fb90486e42dd80e660ef7a40c02b2516c6d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7581afc051542e11ccf3ade68acd01b7fb1a3cde"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eb41a264a3a576dc040ee37c3d9d6b7e2d9be968"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38440.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38440"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68"},{"fixed":"7581afc051542e11ccf3ade68acd01b7fb1a3cde"},{"fixed":"2bc6fb90486e42dd80e660ef7a40c02b2516c6d6"},{"fixed":"eb41a264a3a576dc040ee37c3d9d6b7e2d9be968"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38440.json"}}],"schema_version":"1.7.5"}