🟡 Medium  |  Source: Microsoft Security Response Center


CVE-2025-21888 is a vulnerability in the Linux kernel’s RDMA/mlx5 driver: deregistering a memory region of DM (Device Memory) type triggers an unexpected kernel warning (WARN). The flaw affects systems using Mellanox/NVIDIA ConnectX network adapters with RDMA capabilities, which are commonly found in high-performance Azure virtual machine SKUs. While the advisory is sparse on detail, kernel-level RDMA vulnerabilities can affect memory integrity and system stability in workloads relying on high-speed networking.

Security Architect’s Take: Review whether your Azure VM deployments use RDMA-capable SKUs (such as HB, HC, HBv2/v3, or ND series) and ensure the underlying host and any Linux guest OS kernels are patched promptly. Also assess whether Azure’s managed update mechanisms cover this or whether manual kernel updates are required for custom images.
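A guest-side check to support the review above, added here as an example and not taken from the advisory: it reports whether the mlx5 RDMA driver is actually in use on a Linux VM, so patching can be prioritised. The function names and state labels are assumptions of this example, and the fixed kernel version is not stated on this page, so it must come from your distribution's own advisory.

```shell
#!/bin/sh
# Added example: classify a Linux guest's exposure to the RDMA/mlx5 code path.
# An optional ROOT argument points the check at a mounted image or test
# fixture instead of the live system (hypothetical convenience parameter).

# Prints one of: rdma-active, module-only, not-present
mlx5_rdma_state() {
    root="${1:-}"
    devices=0
    # RDMA devices registered by mlx5_ib appear under /sys/class/infiniband.
    for dev in "$root"/sys/class/infiniband/mlx5_*; do
        if [ -e "$dev" ]; then
            devices=$((devices + 1))
        fi
    done
    if [ "$devices" -gt 0 ]; then
        echo "rdma-active"
    # mlx5_ib is the RDMA driver; mlx5_core alone is the Ethernet/core driver.
    elif [ -r "$root/proc/modules" ] && grep -q '^mlx5_ib ' "$root/proc/modules"; then
        echo "module-only"
    else
        echo "not-present"
    fi
}

# Prints a one-line finding that includes the running kernel release.
mlx5_report() {
    state=$(mlx5_rdma_state "${1:-}")
    kernel=$(uname -r)
    case "$state" in
        rdma-active)
            echo "$kernel: mlx5 RDMA device present; verify this kernel carries the CVE-2025-21888 fix" ;;
        module-only)
            echo "$kernel: mlx5_ib loaded without an RDMA device; schedule the kernel update" ;;
        *)
            echo "$kernel: mlx5 RDMA driver not in use on this guest" ;;
    esac
}

mlx5_report "${1:-}"
```

Compare the reported kernel release against the fixed version listed by your distribution for CVE-2025-21888; custom images need this check baked into their build or patch pipeline.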

Original advisory: CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type