CVE-2025-22112

eth: bnxt: fix out-of-range access of vnic_info array

Published: 4/16/2025 Last updated: 6/27/2025 Reserved: 12/29/2024

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array The bnxt_queue_{start | stop}() access vnic_info as much as allocated, which indicates bp->nr_vnics. So, it should not reach bp->vnic_info[bp->nr_vnics].

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (3)

Product	Vendor	Version
Linux	Linux	V500R002C00SPC700
Linux	Linux	QCA6554A
Linux	Linux	CSRB31024

References (6)

https://git.kernel.org/stable/c/e1724f07693439deaa413ebc2a2640325cf247f5
https://git.kernel.org/stable/c/b1e081d331ab3a0dea25425f2b6ddeb365fc9d22
https://git.kernel.org/stable/c/919f9f497dbcee75d487400e8f9815b74a6a37df
https://git.kernel.org/stable/c/e1724f07693439deaa413ebc2a2640325cf247f5
https://git.kernel.org/stable/c/b1e081d331ab3a0dea25425f2b6ddeb365fc9d22
https://git.kernel.org/stable/c/919f9f497dbcee75d487400e8f9815b74a6a37df