CVE-2025-40252
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-06
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's qlogic/qede network driver. It involves two functions, qede_tpa_cont() and qede_tpa_end(), which iterate over an array called cqe->len_list[] using a zero-length terminator to stop the loop. If this terminator is missing or malformed, the loops can read beyond the end of the fixed-size array, causing a potential out-of-bounds read. The fix adds explicit boundary checks to prevent this out-of-bounds access.
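The loop pattern described above, modelled in user-space C as an added example (not the driver's code and not the upstream patch). `struct demo_cqe`, the list size of 6, the sample values and both function names are assumptions made for this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a completion entry; the size 6 is an assumption
 * for this demo, not a value taken from the page. */
#define DEMO_LEN_LIST_SIZE 6
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct demo_cqe {
    uint16_t len_list[DEMO_LEN_LIST_SIZE];
};

/* Pattern described as vulnerable: only a zero entry stops the loop, so a
 * list without a terminator is read past its end. Call it on terminated
 * input only. */
static size_t walk_terminator_only(const struct demo_cqe *cqe, uint32_t *total)
{
    size_t i;
    *total = 0;
    for (i = 0; cqe->len_list[i]; i++)
        *total += cqe->len_list[i];
    return i;
}

/* Hardened pattern: the index is checked against the array size before the
 * entry is read, so the terminator is no longer the only stop condition. */
static size_t walk_bounded(const struct demo_cqe *cqe, uint32_t *total)
{
    size_t i;
    *total = 0;
    for (i = 0; i < ARRAY_SIZE(cqe->len_list) && cqe->len_list[i]; i++)
        *total += cqe->len_list[i];
    return i;
}

/* Constructed inputs: one well-formed list, one with every slot non-zero. */
static const struct demo_cqe demo_terminated = { { 1500, 1500, 300, 0, 0, 0 } };
static const struct demo_cqe demo_unterminated = { { 1500, 1500, 1500, 1500, 1500, 1500 } };

int main(void)
{
    uint32_t total;
    size_t n = walk_terminator_only(&demo_terminated, &total);
    printf("terminated list: %zu entries, %u bytes\n", n, (unsigned)total);
    n = walk_bounded(&demo_unterminated, &total);
    printf("unterminated list, bounded walk: %zu entries, %u bytes\n", n, (unsigned)total);
    return 0;
}
```

The bounded walk stops at the last slot of the array even when no zero entry is present, which is the property the explicit boundary check provides.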
How can this vulnerability impact me?
This vulnerability can lead to out-of-bounds reads in the Linux kernel network driver, which may cause system instability, crashes, or potentially expose sensitive kernel memory. Such behavior could be exploited by attackers to cause denial of service or information disclosure.