{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T22:47:22.747","vulnerabilities":[{"cve":{"id":"CVE-2025-68790","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-13T16:16:00.880","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix double unregister of HCA_PORTS component\n\nClear hca_devcom_comp in device's private data after unregistering it in\nLAG teardown. Otherwise a slightly lagging second pass through\nmlx5_unload_one() might try to unregister it again and trip over\nuse-after-free.\n\nOn s390 almost all PCI level recovery events trigger two passes through\nmxl5_unload_one() - one through the poll_health() method and one through\nmlx5_pci_err_detected() as callback from generic PCI error recovery.\nWhile testing PCI error recovery paths with more kernel debug features\nenabled, this issue reproducibly led to kernel panics with the following\ncall chain:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803 ESOP-2 FSI\n Fault in home space mode while using kernel ASCE.\n AS:00000000705c4007 R3:0000000000000024\n Oops: 0038 ilc:3 [#1]SMP\n\n CPU: 14 UID: 0 PID: 156 Comm: kmcheck Kdump: loaded Not tainted\n      6.18.0-20251130.rc7.git0.16131a59cab1.300.fc43.s390x+debug #1 PREEMPT\n\n Krnl PSW : 0404e00180000000 0000020fc86aa1dc (__lock_acquire+0x5c/0x15f0)\n            R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000000 0000020f00000001 6b6b6b6b6b6b6c33 0000000000000000\n            0000000000000000 0000000000000000 0000000000000001 0000000000000000\n            0000000000000000 0000020fca28b820 0000000000000000 0000010a1ced8100\n            0000010a1ced8100 0000020fc9775068 0000018fce14f8b8 
0000018fce14f7f8\n Krnl Code: 0000020fc86aa1cc: e3b003400004        lg      %r11,832\n            0000020fc86aa1d2: a7840211           brc     8,0000020fc86aa5f4\n           *0000020fc86aa1d6: c09000df0b25       larl    %r9,0000020fca28b820\n           >0000020fc86aa1dc: d50790002000       clc     0(8,%r9),0(%r2)\n            0000020fc86aa1e2: a7840209           brc     8,0000020fc86aa5f4\n            0000020fc86aa1e6: c0e001100401       larl    %r14,0000020fca8aa9e8\n            0000020fc86aa1ec: c01000e25a00       larl    %r1,0000020fca2f55ec\n            0000020fc86aa1f2: a7eb00e8           aghi    %r14,232\n\n Call Trace:\n  __lock_acquire+0x5c/0x15f0\n  lock_acquire.part.0+0xf8/0x270\n  lock_acquire+0xb0/0x1b0\n  down_write+0x5a/0x250\n  mlx5_detach_device+0x42/0x110 [mlx5_core]\n  mlx5_unload_one_devl_locked+0x50/0xc0 [mlx5_core]\n  mlx5_unload_one+0x42/0x60 [mlx5_core]\n  mlx5_pci_err_detected+0x94/0x150 [mlx5_core]\n  zpci_event_attempt_error_recovery+0xcc/0x388"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet/mlx5: Solucionar el doble desregistro del componente HCA_PORTS\n\nBorrar hca_devcom_comp en los datos privados del dispositivo después de desregistrarlo en la desactivación de LAG. De lo contrario, una segunda pasada ligeramente retrasada a través de mlx5_unload_one() podría intentar desregistrarlo de nuevo y tropezar con un uso después de liberación.\n\nEn s390, casi todos los eventos de recuperación a nivel de PCI desencadenan dos pasadas a través de mxl5_unload_one(): una a través del método poll_health() y otra a través de mlx5_pci_err_detected() como devolución de llamada de la recuperación genérica de errores de PCI. 
Mientras se probaban las rutas de recuperación de errores de PCI con más funciones de depuración del kernel habilitadas, este problema condujo de forma reproducible a pánicos del kernel con la siguiente cadena de llamadas:\n\nUnable to handle kernel pointer dereference in virtual kernel address space\nFailing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803 ESOP-2 FSI\nFault in home space mode while using kernel ASCE.\nAS:00000000705c4007 R3:0000000000000024\nOops: 0038 ilc:3 [#1]SMP\n\nCPU: 14 UID: 0 PID: 156 Comm: kmcheck Kdump: loaded Not tainted\n     6.18.0-20251130.rc7.git0.16131a59cab1.300.fc43.s390x+debug #1 PREEMPT\n\nKrnl PSW : 0404e00180000000 0000020fc86aa1dc (__lock_acquire+0x5c/0x15f0)\n           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000000000000000 0000020f00000001 6b6b6b6b6b6b6c33 0000000000000000\n           0000000000000000 0000000000000000 0000000000000001 0000000000000000\n           0000000000000000 0000020fca28b820 0000000000000000 0000010a1ced8100\n           0000010a1ced8100 0000020fc9775068 0000018fce14f8b8 0000018fce14f7f8\nKrnl Code: 0000020fc86aa1cc: e3b003400004        lg      %r11,832\n           0000020fc86aa1d2: a7840211           brc     8,0000020fc86aa5f4\n          *0000020fc86aa1d6: c09000df0b25       larl    %r9,0000020fca28b820\n          >0000020fc86aa1dc: d50790002000       clc     0(8,%r9),0(%r2)\n           0000020fc86aa1e2: a7840209           brc     8,0000020fc86aa5f4\n           0000020fc86aa1e6: c0e001100401       larl    %r14,0000020fca8aa9e8\n           0000020fc86aa1ec: c01000e25a00       larl    %r1,0000020fca2f55ec\n           0000020fc86aa1f2: a7eb00e8           aghi    %r14,232\n\nCall Trace:\n __lock_acquire+0x5c/0x15f0\n lock_acquire.part.0+0xf8/0x270\n lock_acquire+0xb0/0x1b0\n down_write+0x5a/0x250\n mlx5_detach_device+0x42/0x110 [mlx5_core]\n mlx5_unload_one_devl_locked+0x50/0xc0 [mlx5_core]\n mlx5_unload_one+0x42/0x60 [mlx5_core]\n mlx5_pci_err_detected+0x94/0x150 
[mlx5_core]\n zpci_event_attempt_error_recovery+0xcc/0x388"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6a107cfe9c99a079e578a4c5eb70038101a3599f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d2495f529d60e8e8c43e6ad524089c38b8be7bc4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}