CVE-2025-39810

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the bnxt en module where memory corruption can occur when firmware resources change during an interface shutdown (ifdown). The bnxt set dflt rings() function incorrectly assumes it is always called before any Traffic Control (TC) has been created, failing to account for the number of TC instances (bp->num tc). This can lead to insufficient sizing of the transmit rings (bp->tx ring[]) in bnxt alloc cp rings(), resulting in memory corruption when firmware resources or capabilities change, triggering reinitialization and a call to bnxt set dflt rings() with bp->num tc greater than 1. The issue is addressed by correctly scaling the transmit rings based on bp->num tc in the relevant code paths, utilizing helper functions to determine bp->tx nr rings and bp->tx nr rings per tc.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.