CVE-2025-40330
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bnxt | bnxt_en | * |
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's bnxt_en driver during shutdown. The netif_close() call in bnxt_shutdown() stops packet DMA but does not stop firmware (FW) DMA used for trace logging. If the system performs a kexec to a new kernel, the ongoing FW DMA can corrupt memory in the new kernel. The fix involves unregistering the driver from the firmware to stop the FW DMA, and if that fails, resetting the function to stop the DMA.
How can this vulnerability impact me?
If exploited, this vulnerability can cause memory corruption in the new kernel after a kexec operation, potentially leading to system instability, crashes, or unpredictable behavior.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Linux kernel is updated to a version that includes the fix where bnxt_hwrm_func_drv_unrgtr() is called to unregister the driver from the firmware, stopping the firmware DMA. If that call fails, a PCIe function level reset (pcie_flr()) should be performed to reset the function and stop the DMA. Avoid performing kexec to a new kernel without these fixes applied to prevent memory corruption.
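A host-side check for the condition this answer warns about, as an added example that is not part of the original page or of the kernel fix: it reads sysfs to list interfaces bound to bnxt_en and to see whether a kexec image is staged. The function names and the sysfs-root parameter are assumptions made so the check can be tested; the script cannot tell whether the running kernel already contains the fix.

```shell
#!/bin/sh
# Added example: reports whether a host meets the preconditions described
# above (a NIC driven by bnxt_en plus a staged kexec image).
# It does NOT detect whether the running kernel already carries the fix.
# Assumption: $1 (sysfs root) exists only so the logic can be tested offline.

# Print the name of every network interface bound to the bnxt_en driver.
bnxt_ifaces() {
    root=${1:-/sys}
    for dev in "$root"/class/net/*; do
        # Virtual interfaces (lo, bridges) have no device/driver symlink.
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        if [ "$drv" = "bnxt_en" ]; then
            basename "$dev"
        fi
    done
    return 0
}

# Succeed if a kexec image is loaded, i.e. the next reboot may be a kexec.
kexec_staged() {
    root=${1:-/sys}
    [ -r "$root/kernel/kexec_loaded" ] &&
        [ "$(cat "$root/kernel/kexec_loaded")" = "1" ]
}

# Print one of: not-applicable | kexec-not-staged | at-risk
exposure_status() {
    root=${1:-/sys}
    ifaces=$(bnxt_ifaces "$root")
    if [ -z "$ifaces" ]; then
        echo "not-applicable"      # no bnxt_en-driven interface on this host
    elif kexec_staged "$root"; then
        echo "at-risk"             # bnxt_en present and a kexec is pending
    else
        echo "kexec-not-staged"    # bnxt_en present, no kexec image loaded
    fi
}

# Run against the live system unless SYSFS_ROOT points elsewhere.
exposure_status "${SYSFS_ROOT:-/sys}"
```

An "at-risk" result means the kernel version should be confirmed as patched before the staged kexec is allowed to run.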