CVE-2025-39922

Summary

In the Linux kernel, the following vulnerability has been resolved:

ixgbe: fix incorrect map used in eee linkmode

incorrectly used ixgbe_lp_map in loops intended to populate the supported and advertised EEE linkmode bitmaps based on ixgbe_ls_map. This results in incorrect bit setting and potential out-of-bounds access, since ixgbe_lp_map and ixgbe_ls_map have different sizes and purposes.

ixgbe_lp_map[i] -> ixgbe_ls_map[i]

Use ixgbe_ls_map for supported and advertised linkmodes, and keep ixgbe_lp_map usage only for link partner (lp_advertised) mapping.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9356b6db9d051e9d939dd0f9ae7a0514103ef228 < 682105ab63826fb7ca7c112b42b478d156fbb19faffected
LinuxLinux9356b6db9d051e9d939dd0f9ae7a0514103ef228 < 129c1cb8a081a02d99267cb51708f1326395f4e8affected
LinuxLinux9356b6db9d051e9d939dd0f9ae7a0514103ef228 < b7e5c3e3bfa9dc8af75ff6d8633ad7070e1985e4affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.46 <= 6.12.*unaffected
LinuxLinux6.16.6 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References