Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's mlx5e networking component has been addressed. The issue arose because the Real-Time Networking Lock (RTNL) was not held when calling the xdp_set_features() function for a registered network device. The call can trigger netdev notifiers, so making it without the lock could lead to assertion failures, particularly when switching network profiles. The vulnerability was present in Linux kernel versions prior to 6.4.0.
The vulnerability could cause a kernel assertion failure, disrupting network operations and potentially leading to a denial of service.
The vulnerability can be reproduced by switching from an uplink representor to a NIC profile on a network device using the mlx5e driver. This action triggers the xdp_set_features() call without the necessary RTNL lock, causing an assertion failure.
Users can upgrade to Linux kernel version 6.4.0 or later, where this vulnerability has been fixed.