If you're working with the Linux kernel, you'll want to be aware of this recently resolved vulnerability. The net/mlx5 vulnerability is now fixed, addressing the issue where a variable was not being completed when a function returns early.
Here's what happened: when cmd_alloc_index() failed, cmd_work_handler() needed to complete ent->slotted before it could return early. Without this fix, the task that issued the command might hang, which is not a desirable outcome. The following code snippet demonstrates what was happening before and after the fix:
_Before the fix:_
if (cmd_alloc_index(ent)) {
mlx5_core_err(dev, "failed to allocate command entry\n");
return;
}
_After the fix:_
if (cmd_alloc_index(ent)) {
mlx5_core_err(dev, "failed to allocate command entry\n");
complete(&ent->slotted);
return;
}
The original source code and reference for this vulnerability can be found in the Linux kernel commit here.
As a result of the fix, the following error message that indicates a task is blocked for more than 120 seconds will no longer appear:
INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.
Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1
"echo > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
The error message and corresponding call trace provided important information to help identify and resolve this vulnerability. It's important to understand the implications of this vulnerability, as an uncompleted variable could lead to system performance degradation or even crashes. By addressing this issue in the net/mlx5 module, the Linux kernel is now more resilient.
In conclusion, the CVE-2025-21662 vulnerability has now been resolved in the Linux kernel. This should help prevent tasks from hanging when a function returns early, improving overall system stability and reliability. Be sure to stay vigilant about other potential vulnerabilities and apply security patches as necessary to maintain a secure and efficient operating environment.
Timeline
Published on: 01/21/2025 13:15:09 UTC