CVE-2025-39973
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/10/2025
Last modified:
16/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

i40e: add validation for ring_len param

The `ring_len` parameter provided by the virtual function (VF)
is assigned directly to the hardware memory context (HMC) without
any validation.

To address this, introduce an upper boundary check for both Tx and Rx
queue lengths. The maximum number of descriptors supported by the
hardware is 8k-32.
Additionally, enforce alignment constraints: Tx rings must be a multiple
of 8, and Rx rings must be a multiple of 32.
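
The check described above, as an added example that is not the i40e driver's code or the upstream patch: it places the unchecked assignment next to a validated one. All struct, macro and function names are hypothetical, and only the limits stated in the description are enforced.

```c
#include <errno.h>
#include <stdint.h>

/* Hypothetical names; the limits are the ones stated in the description. */
#define RING_LEN_MAX  (8 * 1024 - 32)   /* "8k-32" descriptors = 8160 */
#define TX_RING_ALIGN 8
#define RX_RING_ALIGN 32

/* Constructed stand-in for a VF's queue request (untrusted input). */
struct vf_queue_req {
    uint32_t tx_ring_len;
    uint32_t rx_ring_len;
};

/* Constructed stand-in for the hardware queue context the PF programs. */
struct hw_queue_ctx {
    uint32_t tx_qlen;
    uint32_t rx_qlen;
};

/* Returns nonzero when len is within the bound and aligned. */
static int ring_len_ok(uint32_t len, uint32_t align)
{
    return len <= RING_LEN_MAX && (len % align) == 0;
}

/* Before: VF-supplied lengths are copied into the context unchecked. */
int program_queue_unchecked(struct hw_queue_ctx *ctx,
                            const struct vf_queue_req *req)
{
    ctx->tx_qlen = req->tx_ring_len;
    ctx->rx_qlen = req->rx_ring_len;
    return 0;
}

/* After: reject the request, leaving ctx untouched, unless both pass. */
int program_queue_checked(struct hw_queue_ctx *ctx,
                          const struct vf_queue_req *req)
{
    if (!ring_len_ok(req->tx_ring_len, TX_RING_ALIGN) ||
        !ring_len_ok(req->rx_ring_len, RX_RING_ALIGN))
        return -EINVAL;

    ctx->tx_qlen = req->tx_ring_len;
    ctx->rx_qlen = req->rx_ring_len;
    return 0;
}
```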
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0543d40d6513cdf1c7882811086e59a6455dfe97
- https://git.kernel.org/stable/c/05fe81fb9db20464fa532a3835dc8300d68a2f84
- https://git.kernel.org/stable/c/45a7527cd7da4cdcf3b06b5c0cb1cae30b5a5985
- https://git.kernel.org/stable/c/55d225670def06b01af2e7a5e0446fbe946289e8
- https://git.kernel.org/stable/c/7d749e38dd2b7e8a80da2ca30c93e09de95bfcf9
- https://git.kernel.org/stable/c/afec12adab55d10708179a64d95d650741e60fe0
- https://git.kernel.org/stable/c/c0c83f4cd074b75cecef107bfc349be7d516c9c4
- https://git.kernel.org/stable/c/d3b0d3f8d11fa957171fbb186e53998361a88d4e



