PT-2026-2873 · Hns3+3 · Hns3+3

Published

2025-01-01

·

Updated

2026-05-11

·

CVE-2025-71112

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the networking subsystem related to the hns3 driver. Specifically, the system lacks proper validation of VLAN IDs received from a Virtual Function (VF) configuration mailbox. This can lead to an out-of-bounds memory access if the VLAN ID is greater than or equal to VLAN N VID when used without validation. The vlan del fail bmap length is determined by BITS TO LONGS(VLAN N VID), and an invalid VLAN ID can cause memory corruption.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2026-03362
CVE-2025-71112
ECHO-52D1-CA58-77FF
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0471-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0474-1
SUSE-SU-2026:0475-1
SUSE-SU-2026:0495-1
SUSE-SU-2026:0496-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:1131-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu
Hns3