CVE-2025-71092

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats()<br /> <br /> Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters<br /> update") added three new counters and placed them after<br /> BNXT_RE_OUT_OF_SEQ_ERR.<br /> <br /> BNXT_RE_OUT_OF_SEQ_ERR acts as a boundary marker for allocating hardware<br /> statistics with different num_counters values on chip_gen_p5_p7 devices.<br /> <br /> As a result, BNXT_RE_NUM_STD_COUNTERS are used when allocating<br /> hw_stats, which leads to an out-of-bounds write in<br /> bnxt_re_copy_err_stats().<br /> <br /> The counters BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, and<br /> BNXT_RE_RESP_REMOTE_ACCESS_ERRS are applicable to generic hardware, not<br /> only p5/p7 devices.<br /> <br /> Fix this by moving these counters before BNXT_RE_OUT_OF_SEQ_ERR so they<br /> are included in the generic counter set.