CVE-2025-71092
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats()
Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR.
BNXT_RE_OUT_OF_SEQ_ERR acts as a boundary marker for allocating hardware statistics with different num_counters values on chip_gen_p5_p7 devices.
As a result, BNXT_RE_NUM_STD_COUNTERS are used when allocating hw_stats, which leads to an out-of-bounds write in bnxt_re_copy_err_stats().
The counters BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, and BNXT_RE_RESP_REMOTE_ACCESS_ERRS are applicable to generic hardware, not only p5/p7 devices.
Fix this by moving these counters before BNXT_RE_OUT_OF_SEQ_ERR so they are included in the generic counter set.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | ef56081d1864582a6db50710733416c0510b7826 < 369a161c48723f60f06f3510b82ea7d96d0499ab | affected |
| Linux | Linux | ef56081d1864582a6db50710733416c0510b7826 < 9b68a1cc966bc947d00e4c0df7722d118125aa37 | affected |
| Linux | Linux | 6.18 | affected |
| Linux | Linux | 0 < 6.18 | unaffected |
| Linux | Linux | 6.18.4 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/369a161c48723f60f06f3510b82ea7d96d0499ab
- https://git.kernel.org/stable/c/9b68a1cc966bc947d00e4c0df7722d118125aa37
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.