CVE-2025-40330
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops packet DMA. There may be FW DMA for trace logging (recently added) that will continue. If we kexec to a new kernel, the DMA will corrupt memory in the new kernel. Add bnxt_hwrm_func_drv_unrgtr() to unregister the driver from the FW. This will stop the FW DMA. In case the call fails, call pcie_flr() to reset the function and stop the DMA.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40330
EUVD
EUVD-2025-201872
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
bnxt bnxt_en *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's bnxt_en driver during shutdown. The netif_close() call in bnxt_shutdown() stops packet DMA but does not stop firmware (FW) DMA used for trace logging. If the system performs a kexec to a new kernel, the ongoing FW DMA can corrupt memory in the new kernel. The fix involves unregistering the driver from the firmware to stop the FW DMA, and if that fails, resetting the function to stop the DMA.

Impact Analysis

If exploited, this vulnerability can cause memory corruption in the new kernel after a kexec operation, potentially leading to system instability, crashes, or unpredictable behavior.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Linux kernel is updated to a version that includes the fix where bnxt_hwrm_func_drv_unrgtr() is called to unregister the driver from the firmware, stopping the firmware DMA. If that call fails, a PCIe function level reset (pcie_flr()) should be performed to reset the function and stop the DMA. Avoid performing kexec to a new kernel without these fixes applied to prevent memory corruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart