CVE-2025-68779

This leads to a refcount underflow in some conditions: ------------[ cut here ]------------ refcountt: underflow; use-after-free. WARNING: CPU: 2 PID: 1694 at lib/refcount.c:28 refcountwarnsaturate+0xd8/0xe0 [...] mlx5epspunregister+0x26/0x50 [mlx5core] mlx5eniccleanup+0x26/0x90 [mlx5core] mlx5eremove+0xe6/0x1f0 [mlx5core] auxiliarybusremove+0x18/0x30 devicereleasedriverinternal+0x194/0x1f0 busremovedevice+0xc6/0x130 devicedel+0x159/0x3c0 mlx5rescandriverslocked+0xbc/0x2a0 [mlx5_core] [...]

Do not directly remove psp from the mlx5eremove path, the PSP cleanup happens as part of profile cleanup.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68779.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

89ee2d92f66c45625ff1c173df2dbdea32568c5d

Fixed

e12c912f92ccea671b514caf371f28485714bb4b

Fixed

35e93736f69963337912594eb3951ab320b77521

Affected versions

v6.*

v6.17

v6.17-rc6

v6.17-rc7

v6.18

v6.18-rc1

v6.18-rc2

v6.18-rc3

v6.18-rc4

v6.18-rc5

v6.18-rc6

v6.18-rc7

v6.18.1

v6.18.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68779.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68779.json"