cve 2025 38387

About this tag
CVE-2025-38387 is a Linux kernel vulnerability in the Mellanox/NVIDIA mlx5 RDMA driver that causes a null-pointer crash. The issue arises when the list head of the obj_event structure is not initialized before the structure is inserted into the XArray, leading to a poisonous pointer dereference and kernel oopses on affected hosts. A targeted fix initializes the list head before the insertion, which prevents the crash. This vulnerability affects systems using Mellanox ConnectX adapters or BlueField SmartNICs with the mlx5 driver. The discussion on WindowsForum.com covers the technical details of the bug and the patch, and is relevant for Linux system administrators and IT professionals managing RDMA-enabled hardware.
  1. Linux Kernel Fix: mlx5 RDMA Null Pointer Crash (CVE-2025-38387)

    The Linux kernel received a targeted fix for a null‑pointer crash in the Mellanox/NVIDIA mlx5 RDMA driver: the obj_event structure’s list head now gets initialized before it’s inserted into the XArray, preventing a poisonous pointer dereference that could cause kernel oopses on affected hosts...