CVE-2025-39922
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-12-11
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.9 (inc) to 6.12.46 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.16.6 (exc) |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to incorrect configuration of EEE link modes and potential out-of-bounds memory access in the ixgbe driver. Such out-of-bounds access could cause system instability, crashes, or potentially allow an attacker to exploit the kernel for further malicious actions, impacting system reliability and security.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's ixgbe driver involves the incorrect use of the ixgbe_lp_map in loops that were intended to populate the supported and advertised Energy Efficient Ethernet (EEE) linkmode bitmaps based on ixgbe_ls_map. Because ixgbe_lp_map and ixgbe_ls_map have different sizes and purposes, this misuse results in incorrect bit settings and potential out-of-bounds memory access. The fix involves using ixgbe_ls_map for supported and advertised linkmodes and reserving ixgbe_lp_map usage only for link partner (lp_advertised) mapping.