PT-2025-40096 · Linux+3 · Linux Kernel+3

Published: 2025-09-09 · Updated: 2025-12-11 · CVE-2025-39922

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the Linux kernel's ixgbe driver in how it maps EEE (Energy Efficient Ethernet) link modes. The driver used ixgbe_lp_map where it should have used ixgbe_ls_map to populate the supported and advertised link mode bitmaps. Because the two maps differ in size and purpose, this resulted in incorrect bit settings and a potential out-of-bounds access. The fix uses ixgbe_ls_map for supported and advertised link modes and reserves ixgbe_lp_map for link partner mapping.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2025-15666
CVE-2025-39922
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1

Affected Products

Astra Linux
Linux Kernel
Suse
Nixgbe