CVE-2025-40117

Summary

In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl()

Commit eefb83790a0d ("misc: pci_endpoint_test: Add doorbell test case") added NO_BAR (-1) to the pci_barno enum which, in practical terms, changes the enum from an unsigned int to a signed int. If the user passes a negative number in pci_endpoint_test_ioctl() then it results in an array underflow in pci_endpoint_test_bar().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxeefb83790a0dda112d1755e4f5e213738d717e76 < 6df3687922570f753574c40b35e83b26b32292d0affected
LinuxLinuxeefb83790a0dda112d1755e4f5e213738d717e76 < 1ad82f9db13d85667366044acdfb02009d576c5aaffected
LinuxLinux6.17affected
LinuxLinux0 < 6.17unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References