CVE-2025-40252

| EUVD-2025-201205
2025-12-04 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

4
Patch Released
Mar 16, 2026 - 15:00 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 16:35 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 16:35 euvd
EUVD-2025-201205
CVE Published
Dec 04, 2025 - 16:16 nvd
N/A

Tags

Buffer Overflow Linux Debian Linux Kernel

Description

In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array. Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array.

Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Technical Context

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries.

Remediation

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +0
POC: 0

Vendor Status

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm fixed 6.1.159-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.63-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.17.10-1 -
linux-6.1
Release Status Fixed Version Urgency
bullseye (security) fixed 6.1.164-1~deb11u1 -
bullseye fixed 6.1.159-1~deb11u1 -
DLA-4436-1

Share

CVE-2025-40252 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy