Description

In the Linux kernel, the following vulnerability has been resolved:

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

The loops in 'qede_tpa_cont()' and 'qede_tpa_end()' iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array.

Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
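The difference between a terminator-only loop and one that is also bounded by ARRAY_SIZE(), as an added userspace model that is not the qede driver's code or the upstream patch. The struct layout, the list size of 6, the function names and the sample data are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define LEN_LIST_SIZE 6    /* assumed size, for this model only */
#define NEIGHBOUR_WORDS 4  /* unrelated data placed after the list */
#define MEM_WORDS (LEN_LIST_SIZE + NEIGHBOUR_WORDS)

struct model_cqe { uint16_t len_list[LEN_LIST_SIZE]; };
struct walk_result { size_t entries; uint32_t bytes; };

/* Constructed samples: the first LEN_LIST_SIZE words model len_list[],
 * the rest model whatever follows it in memory. */
static const uint16_t mem_ok[MEM_WORDS] =
    { 1448, 1448, 512, 0, 0, 0, 0xBEEF, 0xBEEF, 0, 0 };
static const uint16_t mem_bad[MEM_WORDS] =   /* terminator missing */
    { 1448, 1448, 1448, 1448, 1448, 1448, 0xBEEF, 0xBEEF, 0, 0 };

/* Terminator-only walk. The MEM_WORDS fence exists only so this demo
 * stays inside memory it owns; the pattern itself has no bound. */
static struct walk_result walk_terminator_only(const uint16_t *mem)
{
    struct walk_result r = { 0, 0 };

    for (; r.entries < MEM_WORDS && mem[r.entries]; r.entries++)
        r.bytes += mem[r.entries];
    return r;
}

/* Bounded walk: stops at the terminator or at the end of len_list[]. */
static struct walk_result walk_bounded(const uint16_t *mem)
{
    struct model_cqe cqe;
    struct walk_result r = { 0, 0 };

    memcpy(&cqe, mem, sizeof(cqe));   /* only the list itself is visible */
    for (; r.entries < ARRAY_SIZE(cqe.len_list) && cqe.len_list[r.entries];
         r.entries++)
        r.bytes += cqe.len_list[r.entries];
    return r;
}

int main(void)
{
    printf("terminator-only: %zu entries\n", walk_terminator_only(mem_bad).entries);
    printf("bounded:         %zu entries\n", walk_bounded(mem_bad).entries);
    return 0;
}
```

With a well-formed list both walks agree; with the terminator missing, only the bounded walk keeps the neighbouring words out of the byte total.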

PUBLISHED Reserved 2025-04-16 | Published 2025-12-04 | Updated 2025-12-04 | Assigner Linux

Product status

Default status: unaffected

55482edc25f0606851de42e73618f813f310d009 (git) before f0923011c1261b33a2ac1de349256d39cb750dd0: affected
55482edc25f0606851de42e73618f813f310d009 (git) before 917a9d02182ac8b4f25eb47dc02f3ec679608c24: affected
55482edc25f0606851de42e73618f813f310d009 (git) before e441db07f208184e0466abf44b389a81d70c340e: affected
55482edc25f0606851de42e73618f813f310d009 (git) before 896f1a2493b59beb2b5ccdf990503dbb16cb2256: affected

Default status: affected

4.6: affected
Any version before 4.6: unaffected
6.6.118 (semver): unaffected
6.12.60 (semver): unaffected
6.17.10 (semver): unaffected
6.18 (original_commit_for_fix): unaffected

References

git.kernel.org/...c/f0923011c1261b33a2ac1de349256d39cb750dd0

git.kernel.org/...c/917a9d02182ac8b4f25eb47dc02f3ec679608c24

git.kernel.org/...c/e441db07f208184e0466abf44b389a81d70c340e

git.kernel.org/...c/896f1a2493b59beb2b5ccdf990503dbb16cb2256

cve.org (CVE-2025-40252)

nvd.nist.gov (CVE-2025-40252)