{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38151", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.989Z", "datePublished": "2025-07-03T08:35:55.879Z", "dateUpdated": "2025-07-28T04:13:40.970Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T04:13:40.970Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/core/cma.c"], "versions": [{"version": "51003b2c872c63d28bcf5fbcc52cf7b05615f7b7", "lessThan": "1ac40736c8c4255d8417b937c9715b193f4a87b3", "status": "affected", "versionType": "git"}, {"version": "c2b169fc7a12665d8a675c1ff14bca1b9c63fb9a", "lessThan": "ac7897c0124066b9705ffca252a3662d54fc0c9b", "status": "affected", "versionType": "git"}, {"version": "d23fd7a539ac078df119707110686a5b226ee3bb", "lessThan": "02e45168e0fd6fdc6f8f7c42c4b500857aa5efb0", "status": "affected", "versionType": "git"}, {"version": "45f5dcdd049719fb999393b30679605f16ebce14", "lessThan": "8b05aa3692e45b8249379dc52b14acc6a104d2e5", "status": "affected", "versionType": "git"}, {"version": "45f5dcdd049719fb999393b30679605f16ebce14", "lessThan": "92a251c3df8ea1991cd9fe00f1ab0cfce18d7711", "status": "affected", "versionType": "git"}, {"version": "b172a4a0de254f1fcce7591833a9a63547c2f447", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/core/cma.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.142", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.94", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.34", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.3", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.135", "versionEndExcluding": "6.1.142"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.88", "versionEndExcluding": "6.6.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.25", "versionEndExcluding": "6.12.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.15.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1ac40736c8c4255d8417b937c9715b193f4a87b3"}, {"url": "https://git.kernel.org/stable/c/ac7897c0124066b9705ffca252a3662d54fc0c9b"}, {"url": "https://git.kernel.org/stable/c/02e45168e0fd6fdc6f8f7c42c4b500857aa5efb0"}, {"url": "https://git.kernel.org/stable/c/8b05aa3692e45b8249379dc52b14acc6a104d2e5"}, {"url": "https://git.kernel.org/stable/c/92a251c3df8ea1991cd9fe00f1ab0cfce18d7711"}], "title": "RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/cma: Se corrige el bloqueo cuando cma_netevent_callback no puede ejecutar queue_work La confirmaci\u00f3n citada corrigi\u00f3 un bloqueo cuando se llamaba a cma_netevent_callback para un cma_id mientras que el trabajo en ese id de una llamada anterior a\u00fan no hab\u00eda comenzado. El elemento de trabajo se reinicializ\u00f3 en la segunda llamada, lo que corrompi\u00f3 el elemento de trabajo que se encontraba actualmente en la cola de trabajos. Sin embargo, dej\u00f3 un problema cuando queue_work falla (porque el elemento sigue pendiente en la cola de trabajos de una llamada anterior). En este caso, por lo tanto, cma_id_put (que se llama en el controlador de trabajos) no se llama. Esto da como resultado un bloqueo del proceso del espacio de usuario (proceso zombi). Arregle esto llamando a cma_id_put() si queue_work falla."}], "id": "CVE-2025-38151", "lastModified": "2025-07-03T15:13:53.147", "metrics": {}, "published": "2025-07-03T09:15:30.093", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/02e45168e0fd6fdc6f8f7c42c4b500857aa5efb0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ac40736c8c4255d8417b937c9715b193f4a87b3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8b05aa3692e45b8249379dc52b14acc6a104d2e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/92a251c3df8ea1991cd9fe00f1ab0cfce18d7711"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ac7897c0124066b9705ffca252a3662d54fc0c9b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work", "id": "2376049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376049"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\nFix this by calling cma_id_put() if queue_work fails."], "name": "CVE-2025-38151", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38151\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38151\nhttps://lore.kernel.org/linux-cve-announce/2025070336-CVE-2025-38151-6483@gregkh/T"], "threat_severity": "Moderate"}