PT-2025-22173 · Linux+6 · Linux Kernel+6
Published
2025-04-30
·
Updated
2026-04-20
·
CVE-2025-37911
CVSS v2.0
5.7
Medium
| Vector | AV:L/AC:H/Au:S/C:P/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A memory corruption issue has been identified in the Linux kernel, specifically in the bnxt en module, when retrieving the FW coredump using ethtool. This can cause memory corruption due to an out-of-bound memcpy() operation. The issue occurs when the DMA length exceeds the allocated buffer length, leading to a BUG condition. The problem is resolved by capping the copy length to prevent it from exceeding the buffer length.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the out-of-bound memcpy() operation in the bnxt en module.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu