PT-2025-42247 · Linux+4 · Linux Kernel+4

Published

2025-09-18

·

Updated

2026-05-07

·

CVE-2025-39972

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel’s i40e network driver related to index validation within the i40e validate queue map() function. Specifically, the issue occurs when iterating over vf->ch[idx], where the index idx is not properly validated to ensure it falls within the range of active or initialized traffic control (TC) queues. This could potentially lead to issues during queue map validation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Weakness Enumeration

CWE-665

Related Identifiers

AZL-68483
BDU:2026-02686
CVE-2025-39972
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-CD96-DFFA-F1E2
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2633
OESA-2025-2634
OESA-2025-2635
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu