-

CVE-2025-40252

EPSS 0.03%
Veröffentlicht 04.12.2025 16:16:18
Zuletzt bearbeitet 06.12.2025 22:15:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate
over 'cqe->len_list[]' using only a zero-length terminator as
the stopping condition. If the terminator was missing or
malformed, the loop could run past the end of the fixed-size array.

Add an explicit bound check using ARRAY_SIZE() in both loops to prevent
a potential out-of-bounds access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ecbb12caf399d7cf364b7553ed5aebeaa2f255bc

Version 55482edc25f0606851de42e73618f813f310d009

Status affected

Version < a778912b4a53587ea07d85526d152f85d109cbfe

Version 55482edc25f0606851de42e73618f813f310d009

Status affected

Version < f0923011c1261b33a2ac1de349256d39cb750dd0

Version 55482edc25f0606851de42e73618f813f310d009

Status affected

Version < 917a9d02182ac8b4f25eb47dc02f3ec679608c24

Version 55482edc25f0606851de42e73618f813f310d009

Status affected

Version < e441db07f208184e0466abf44b389a81d70c340e

Version 55482edc25f0606851de42e73618f813f310d009

Status affected

Version < 896f1a2493b59beb2b5ccdf990503dbb16cb2256

Version 55482edc25f0606851de42e73618f813f310d009

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.6

Status affected

Version < 4.6

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.118

Status unaffected

Version <= 6.12.*

Version 6.12.60

Status unaffected

Version <= 6.17.*

Version 6.17.10

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/896f1a2493b59beb2b5ccdf990503dbb16cb2256

https://git.kernel.org/stable/c/917a9d02182ac8b4f25eb47dc02f3ec679608c24

https://git.kernel.org/stable/c/e441db07f208184e0466abf44b389a81d70c340e

https://git.kernel.org/stable/c/f0923011c1261b33a2ac1de349256d39cb750dd0

https://git.kernel.org/stable/c/a778912b4a53587ea07d85526d152f85d109cbfe

https://git.kernel.org/stable/c/ecbb12caf399d7cf364b7553ed5aebeaa2f255bc

https://nvd.nist.gov/vuln/detail/CVE-2025-40252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40252

EUVD