CVE-2025-68790

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68790
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68790.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68790
Downstream
Published
2026-01-13T15:29:02.907Z
Modified
2026-02-09T19:34:00.434240Z
Summary
net/mlx5: Fix double unregister of HCA_PORTS component
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix double unregister of HCA_PORTS component

Clear hcadevcomcomp in device's private data after unregistering it in LAG teardown. Otherwise a slightly lagging second pass through mlx5unloadone() might try to unregister it again and trip over use-after-free.

On s390 almost all PCI level recovery events trigger two passes through mxl5unloadone() - one through the pollhealth() method and one through mlx5pcierrdetected() as callback from generic PCI error recovery. While testing PCI error recovery paths with more kernel debug features enabled, this issue reproducibly led to kernel panics with the following call chain:

Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803 ESOP-2 FSI Fault in home space mode while using kernel ASCE. AS:00000000705c4007 R3:0000000000000024 Oops: 0038 ilc:3 [#1]SMP

CPU: 14 UID: 0 PID: 156 Comm: kmcheck Kdump: loaded Not tainted 6.18.0-20251130.rc7.git0.16131a59cab1.300.fc43.s390x+debug #1 PREEMPT

Krnl PSW : 0404e00180000000 0000020fc86aa1dc (_lockacquire+0x5c/0x15f0) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 Krnl GPRS: 0000000000000000 0000020f00000001 6b6b6b6b6b6b6c33 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000020fca28b820 0000000000000000 0000010a1ced8100 0000010a1ced8100 0000020fc9775068 0000018fce14f8b8 0000018fce14f7f8 Krnl Code: 0000020fc86aa1cc: e3b003400004 lg %r11,832 0000020fc86aa1d2: a7840211 brc 8,0000020fc86aa5f4 *0000020fc86aa1d6: c09000df0b25 larl %r9,0000020fca28b820

0000020fc86aa1dc: d50790002000 clc 0(8,%r9),0(%r2) 0000020fc86aa1e2: a7840209 brc 8,0000020fc86aa5f4 0000020fc86aa1e6: c0e001100401 larl %r14,0000020fca8aa9e8 0000020fc86aa1ec: c01000e25a00 larl %r1,0000020fca2f55ec 0000020fc86aa1f2: a7eb00e8 aghi %r14,232

Call Trace: _lockacquire+0x5c/0x15f0 lockacquire.part.0+0xf8/0x270 lockacquire+0xb0/0x1b0 downwrite+0x5a/0x250 mlx5detachdevice+0x42/0x110 [mlx5core] mlx5unloadonedevllocked+0x50/0xc0 [mlx5core] mlx5unloadone+0x42/0x60 [mlx5core] mlx5pcierrdetected+0x94/0x150 [mlx5core] zpcieventattempterrorrecovery+0xcc/0x388

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68790.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5a977b5833b7a261bfa6094595ffa73c1071588c
Fixed
d2495f529d60e8e8c43e6ad524089c38b8be7bc4
Fixed
6a107cfe9c99a079e578a4c5eb70038101a3599f

Affected versions

v6.*
v6.17
v6.17-rc6
v6.17-rc7
v6.18
v6.18-rc1
v6.18-rc2
v6.18-rc3
v6.18-rc4
v6.18-rc5
v6.18-rc6
v6.18-rc7
v6.18.1
v6.18.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68790.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68790.json"