CVE-2025-71092
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR. BNXT_RE_OUT_OF_SEQ_ERR acts as a boundary marker for allocating hardware statistics with different num_counters values on chip_gen_p5_p7 devices. As a result, BNXT_RE_NUM_STD_COUNTERS are used when allocating hw_stats, which leads to an out-of-bounds write in bnxt_re_copy_err_stats(). The counters BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, and BNXT_RE_RESP_REMOTE_ACCESS_ERRS are applicable to generic hardware, not only p5/p7 devices. Fix this by moving these counters before BNXT_RE_OUT_OF_SEQ_ERR so they are included in the generic counter set.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-71092
EUVD
EUVD-2026-2240
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.18
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.18.1 (inc) to 6.18.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds (OOB) write issue in the Linux kernel's RDMA bnxt_re driver, specifically in the function bnxt_re_copy_err_stats(). It occurred because three new hardware counters were added after a boundary marker counter (BNXT_RE_OUT_OF_SEQ_ERR), which caused incorrect allocation of hardware statistics and led to writing outside the intended memory bounds. The fix involved moving these counters before the boundary marker so they are properly included in the generic counter set.

Impact Analysis

An out-of-bounds write vulnerability can lead to memory corruption, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges on affected systems using the bnxt_re RDMA driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart