SB2025082046 - NULL pointer dereference in Linux kernel core en_accel driver
Published: August 20, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/137b12a4900eb6971b889839eab6036f72cbb217
- https://git.kernel.org/stable/c/314f568b84b01f6eac1e4313ca47f9ade4349443
- https://git.kernel.org/stable/c/3a5782431d84716b66302b07ff1b32fea1023bd5
- https://git.kernel.org/stable/c/6d19c44b5c6dd72f9a357d0399604ec16a77de3c
- https://git.kernel.org/stable/c/781a0bbf377443ef06f3248221f06cb555935530