| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120431-CVE-2025-40252-2d9b@gregkh> Date: Thu, 4 Dec 2025 16:57:33 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array. Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access. Found by Linux Verification Center (linuxtesting.org) with SVACE. The Linux kernel CVE team has assigned CVE-2025-40252 to this issue. Affected and fixed versions =========================== Issue introduced in 4.6 with commit 55482edc25f0606851de42e73618f813f310d009 and fixed in 6.6.118 with commit f0923011c1261b33a2ac1de349256d39cb750dd0 Issue introduced in 4.6 with commit 55482edc25f0606851de42e73618f813f310d009 and fixed in 6.12.60 with commit 917a9d02182ac8b4f25eb47dc02f3ec679608c24 Issue introduced in 4.6 with commit 55482edc25f0606851de42e73618f813f310d009 and fixed in 6.17.10 with commit e441db07f208184e0466abf44b389a81d70c340e Issue introduced in 4.6 with commit 55482edc25f0606851de42e73618f813f310d009 and fixed in 6.18 with commit 896f1a2493b59beb2b5ccdf990503dbb16cb2256 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40252 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/qlogic/qede/qede_fp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f0923011c1261b33a2ac1de349256d39cb750dd0 https://git.kernel.org/stable/c/917a9d02182ac8b4f25eb47dc02f3ec679608c24 https://git.kernel.org/stable/c/e441db07f208184e0466abf44b389a81d70c340e https://git.kernel.org/stable/c/896f1a2493b59beb2b5ccdf990503dbb16cb2256
Powered by blists - more mailing lists