Security tracker / CVE-2025-39947

CVE-2025-39947

net/mlx5e: Harden uplink netdev access against device unbind

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 7a9fb35e8c3a ("net/mlx5e: Do not reload ethernet ports when
 carnil> changing eswitch mode"). Vulnerable versions: 5.13.

Bugs

Status

Branch	Status
upstream	released (6.17-rc7) [6b4be64fd9fec16418f365c2d8e47a7566e9eba5]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.16-upstream-stable	released (6.16.9) [8df354eb2dd63d111ed5ae2e956e0dbb22bcf93b]
6.12-upstream-stable	released (6.12.49) [d1f3db4e7a3be29fc17f01850f162363f919370d]
6.6-upstream-stable	released (6.6.108) [2cb17c88edd3a1c7aa6bc880dcdb35a6866fcb2e]
6.1-upstream-stable	needed
5.10-upstream-stable	N/A "Vulnerable code not present"
sid	released (6.16.9-1)
6.12-trixie-security	released (6.12.57-1)
6.1-bookworm-security	needed
5.10-bullseye-security	N/A "Vulnerable code not present"