CVE-2025-38628 vdpa/mlx5: Fix release of uninitialized resources on error path

🗓️ 22 Aug 2025 16:00:36Reported by GoogleType

osv

osv🔗 osv.dev👁 3 Views

CVE-2025-38628: Kernel fix for mlx5_vdpa_free cleanup of vdpa resources with uninitialized state.

Reporter	Title	Published	Views	Family All 88
AstraLinux	Astra Linux - уязвимость в linux-5.10	20 May 202605:53	–	astralinux
CNNVD	Linux kernel 安全漏洞	22 Aug 202500:00	–	cnnvd
CVE	CVE-2025-38628	22 Aug 202516:00	–	cve
Cvelist	CVE-2025-38628 vdpa/mlx5: Fix release of uninitialized resources on error path	22 Aug 202516:00	–	cvelist
Debian CVE	CVE-2025-38628	22 Aug 202516:00	–	debiancve
EUVD	EUVD-2025-25573	3 Oct 202520:07	–	euvd
F5 Networks	K000158999: Linux kernel vulnerability CVE-2025-38628	5 Jan 202606:11	–	f5
NVD	CVE-2025-38628	22 Aug 202516:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20081-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20662)	15 Oct 202500:00	–	nessus

Source	Link
git	www.git.kernel.org/stable/c/37f26b9013b46457b0a96633fc3a7dc977d8beb1
git	www.git.kernel.org/stable/c/6de4ef950dd56a6a81daf92d8a1d864fc6a56971
git	www.git.kernel.org/stable/c/cc51a66815999afb7e9cd845968de4fdf07567b7
git	www.git.kernel.org/stable/c/cf4fc23d0d3d5b89b36f0d79f2674510bb574d8e
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38628.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-38628
git	www.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

02 Apr 2026 12:48Current

6Medium risk

Vulners AI Score6

CVSS 3.15.5

EPSS0.00024

vulnerability 2025 38628 linux kernel mlx5 vdpa free vdpa resources uninitialized resources memory region resources asynchronous context vdpa device add cleanup path