Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Net/Mlx5 Devlink Parameter Unregistration Vulnerability When Interface Is Down

Vulnerability

A vulnerability exists in the Linux kernel's mlx5 driver, specifically in the handling of devlink parameters when an interface is down. The driver fails to unregister these parameters, leading to a warning during the shutdown process. This issue has been addressed by modifying the driver to properly unregister devlink parameters when the interface is not active.

Impact

The vulnerability could lead to a warning being generated during the shutdown process, indicating that devlink parameters were not properly unregistered.

Reproduction

To reproduce this vulnerability, bring an interface managed by the mlx5 driver down and then initiate a system shutdown. The warning about the devlink parameters not being unregistered will be displayed, indicating the presence of the vulnerability.

Remediation

Users can upgrade to the patched version of the Linux kernel where this issue has been addressed.

Added: Oct 1, 2025, 1:49 PM
Updated: Oct 1, 2025, 1:49 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.0
exploitability
5.7
remediation
7.7
relevance
0.6
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.