CVE-2025-39949

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the qed driver related to handling protection override GRC elements. The firmware can return an excessive number of these elements, leading to a buffer overflow when attempting to dump them. This results in a kernel panic, specifically an “unable to handle kernel paging request” error. The issue occurs in both the qede Ethernet driver and the qedf storage driver paths. The vulnerable code includes functions such as qed grc dump addr range, qed protection override dump, qed dbg protection override dump, qed dbg feature, qed dbg all data, qed fw fatal reporter dump, and devlink health do dump. The panic occurs due to writing past the end of the dump buf buffer, located in p hwfn->cdev->dbg features[DBG FEATURE PROTECTION OVERRIDE].

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.