CVE-2025-71092
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.18 |
| linux | linux_kernel | From 6.18.1 (inc) to 6.18.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds (OOB) write issue in the Linux kernel's RDMA bnxt_re driver, specifically in the function bnxt_re_copy_err_stats(). It occurred because three new hardware counters were added after a boundary marker counter (BNXT_RE_OUT_OF_SEQ_ERR), which caused incorrect allocation of hardware statistics and led to writing outside the intended memory bounds. The fix involved moving these counters before the boundary marker so they are properly included in the generic counter set.
How can this vulnerability impact me?
An out-of-bounds write vulnerability can lead to memory corruption, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges on affected systems using the bnxt_re RDMA driver.