You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
mlx5 driver
About this tag
The mlx5 driver is the upstream Linux kernel driver for Mellanox/NVIDIA ConnectX and BlueField adapters, widely used in high-performance networking and enterprise data centers. Discussions on WindowsForum.com cover several CVEs affecting this driver, including CVE-2025-38109, a use-after-free during shutdown in the ECVF vport teardown, which Microsoft's advisory confirms affects Azure Linux. CVE-2024-26907 addresses a fortify-source warning in RDMA mlx5 code, impacting availability for systems using Mellanox/NVIDIA adapters. CVE-2025-68209 fixes unsafe default values in Completion Queue creation, preventing kernel null-pointer faults. These threads highlight the driver's critical role in network stability and security, with patches that infrastructure teams should prioritize.
The Linux kernel patch that fixed CVE-2025-38109 addresses a use‑after‑free during shutdown in the mlx5 driver’s ECVF (embedded chip virtual function) vport teardown — and Microsoft’s public advisory and machine‑readable VEX/CSAF attestation currently name Azure Linux as the Microsoft product...
A fortify-source warning in the Linux kernel’s RDMA mlx5 code has been closed out as CVE-2024-26907, and while the fix is narrowly targeted at a compile-time/runtime bounds check in a memcpy path, the practical impact on high-performance network stacks — and on the availability of systems that...
A small, surgical kernel fix published in mid‑December closes a subtle yet real stability hole in the Mellanox/NVIDIA mlx5 driver: CVE‑2025‑68209 corrects unsafe default values used when creating Completion Queues (CQs), preventing a rare path where a polling‑only kernel CQ could be spuriously...