CVE-2025-68197

Summary

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap()

With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will result in a crash in bnxt_bs_trace_type_wrap(). Add a guard to check for a valid magic_byte pointer before proceeding.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux84fcd9449fd7882ddfb05ba64d75f9be2d29b2e9 < 689ae5ba31293eebb7f21c0ef8939468ac72b5ceaffected
LinuxLinux84fcd9449fd7882ddfb05ba64d75f9be2d29b2e9 < ff02be05f78399c766be68ab0b2285ff90b2aaa8affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.17.8 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References