CVE-2025-22112

HIGH

Linux Kernel 6.12.20-6.12.34, 6.13.0-6.13.9, 6.14 - Out-of-bounds Read in bnxt_queue_{start | stop}()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array The bnxt_queue_{start | stop}() access vnic_info as much as allocated, which indicates bp->nr_vnics. So, it should not reach bp->vnic_info[bp->nr_vnics].

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/e1724f07693439deaa413ebc2a2640325cf247f5

Patch

https://git.kernel.org/stable/c/b1e081d331ab3a0dea25425f2b6ddeb365fc9d22

Patch

https://git.kernel.org/stable/c/919f9f497dbcee75d487400e8f9815b74a6a37df

Scores

CVSS v3 7.1

EPSS 0.0017

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (16)

linux/Kernel < 6.12.35linux

linux/Kernel 6.13.0 - 6.14.2linux

Linux/Linux < 6.14

Linux/Linux 6.12.20 - 6.12.35

Linux/Linux 6.12.35 - 6.12.*

Linux/Linux 6.13.8 - 6.14

Linux/Linux 6.14

Linux/Linux 6.14.2 - 6.14.*

Linux/Linux 6.15

Linux/Linux 661958552eda5bf64bfafb4821cbdded935f1f68 - 919f9f497dbcee75d487400e8f9815b74a6a37df

... and 6 more

Published Apr 16, 2025

Tracked Since Feb 18, 2026