Home

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR. BNXT_RE_OUT_OF_SEQ_ERR acts as a boundary marker for allocating hardware statistics with different num_counters values on chip_gen_p5_p7 devices. As a result, BNXT_RE_NUM_STD_COUNTERS are used when allocating hw_stats, which leads to an out-of-bounds write in bnxt_re_copy_err_stats(). The counters BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, and BNXT_RE_RESP_REMOTE_ACCESS_ERRS are applicable to generic hardware, not only p5/p7 devices. Fix this by moving these counters before BNXT_RE_OUT_OF_SEQ_ERR so they are included in the generic counter set.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-13 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

ef56081d1864582a6db50710733416c0510b7826 (git) before 369a161c48723f60f06f3510b82ea7d96d0499ab
affected

ef56081d1864582a6db50710733416c0510b7826 (git) before 9b68a1cc966bc947d00e4c0df7722d118125aa37
affected

Default status
affected

6.18
affected

Any version before 6.18
unaffected

6.18.4 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/369a161c48723f60f06f3510b82ea7d96d0499ab

git.kernel.org/...c/9b68a1cc966bc947d00e4c0df7722d118125aa37

cve.org (CVE-2025-71092)

nvd.nist.gov (CVE-2025-71092)

Download JSON