Linux Kernel mlx5 E-Switch Offloads Pairing Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of Mellanox mlx5 Ethernet devices can lead to issues with device offloading. The problem arises in the E-Switch component, where the function 'mlx5_get_next_phys_dev()' was called without the necessary interface lock. This vulnerability was introduced by a recent commit that added an assertion to ensure the lock is held, highlighting a race condition that could be exploited during device communication events.

Impact

Exploitation of this vulnerability could disrupt the proper functioning of device offloading in mlx5 E-Switches, potentially leading to performance issues or incorrect handling of network traffic.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel mlx5 E-Switch Offloads Pairing Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating