CVE-2025-71064
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-01-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's hns3 network driver where resource allocation for transmit queue pairs (tqps) is inconsistent. Specifically, the driver uses different values to allocate arrays for hdev->htqp and kinfo->tqp, leading to some elements in hdev->htqp remaining uninitialized. This happens because kinfo->num_tqps is set to the minimum of new_tqps and hdev->num_tqps, which can be smaller than hdev->num_tqps. The patch fixes this by allocating both arrays using hdev->num_tqps, ensuring all elements are properly initialized.
How can this vulnerability impact me? :
The impact of this vulnerability is that uninitialized elements in the hdev->htqp array could lead to unpredictable behavior in the network driver, potentially causing system instability, crashes, or security issues related to improper resource handling. However, specific impacts such as remote code execution or data leakage are not detailed.