CVE-2025-38544: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38544 is a vulnerability affecting the Linux kernel's RDMA/rxe component. The vulnerability was discovered and disclosed on June 19, 2024, with the latest updates being made on August 6, 2025 (Ubuntu CVE).

The vulnerability exists in the rxecompqueuepkt() function where an incoming response packet skb is enqueued to the resppkts queue. The issue occurs when a decision is made whether to run the completer task inline or schedule it, followed by dereferencing the skb to bump a 'hw' performance counter. This can lead to a segmentation fault if the completer task running in a separate thread has already processed and freed the skb. The vulnerability has been assigned a CVSS 3 Severity Score of 6.3 (Medium) (Ubuntu CVE).

The vulnerability can cause segmentation faults in the Linux kernel, particularly during high-scale operations. These crashes have been observed infrequently during testing and could potentially affect system stability (Ubuntu CVE).

The issue has been fixed by changing the order of operations in the code, specifically by moving the packet enqueuing operation until after the performance counter is accessed. Various Linux distributions have released patches, including Ubuntu which has provided fixes for multiple kernel versions across different releases (Ubuntu CVE).