CVE-2025-21732: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21732 addresses a race condition vulnerability in the Linux kernel's RDMA/mlx5 driver. The issue was discovered in January 2025 and affects the memory registration (MR) handling in the mlx5 InfiniBand driver. The vulnerability occurs during the memory deregistration process when dealing with On-Demand Paging (ODP) memory regions (CVE MITRE).

The race condition occurs during the _mlx5ibderegmr() flow, specifically in the sequence: mlx5revokemr(), mlx5rumrrevokemr(), and mlx5rumrpostsendwait(). After the lkey is freed from hardware's perspective, a concurrent mlx5ibinvalidaterange() operation might attempt to invalidate a range for the same freed lkey. This concurrent operation acquires the umemodp->umemmutex lock and calls mlx5rumrupdate_xlt() on the UMR QP, leading to a CQE error and causing the UMR QP to enter an error state (Kernel Git).

When exploited, this vulnerability can result in a Completion Queue Entry (CQE) error on the User Memory Region (UMR) Queue Pair (QP), causing the QP to enter an error state. This can potentially disrupt RDMA operations and affect system stability (Kernel Git).

The issue has been fixed by modifying the mlx5revokemr() function to acquire the umemodp->umemmutex lock before performing the revocation process. Additionally, after a successful revoke, the fix sets umem_odp->private to NULL, preventing any further invalidation attempts on the freed lkey. The patch has been merged into the mainline kernel (Kernel Git).