CVE-2025-40252

EUVD-2025-201205
In the Linux kernel, the following vulnerability has been resolved:

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate
over 'cqe->len_list[]' using only a zero-length terminator as
the stopping condition. If the terminator was missing or
malformed, the loop could run past the end of the fixed-size array.

Add an explicit bound check using ARRAY_SIZE() in both loops to prevent
a potential out-of-bounds access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensRUGGEDCOM RST2428P
𝑥
< V4.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.10-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
linux-6.1
bullseye (security)
6.1.174-1~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-azure
suse enterprise sap 15 SP7
6.4.0-150700.20.24.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.24.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1.150700.17.19.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1.150700.17.19.1
fixed
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1.150700.17.19.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
kernel-docs
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-macros
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-source-azure
suse enterprise sap 15 SP7
6.4.0-150700.20.24.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.24.1
fixed
kernel-syms
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
kernel-syms-azure
suse enterprise sap 15 SP7
6.4.0-150700.20.24.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.24.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.28.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.28.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.290.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bpftool
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-abi-stablelists
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-core
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-debug
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-debug-core
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-debug-devel
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-debug-modules
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-debug-modules-extra
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-devel
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-doc
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-modules
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-modules-extra
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-rt
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-core
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-debug
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-debug-core
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-debug-devel
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-debug-kvm
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-debug-modules
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-debug-modules-extra
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-devel
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-kvm
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-modules
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-rt-modules-extra
RHEL 8
0:4.18.0-553.123.1.rt7.464.el8_10
fixed
kernel-tools
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-tools-libs
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-tools-libs-devel
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-zfcpdump
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-zfcpdump-core
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-zfcpdump-devel
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-zfcpdump-modules
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
kernel-zfcpdump-modules-extra
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
perf
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
python3-perf
RHEL 8
0:4.18.0-553.123.1.el8_10
fixed
References
https://git.kernel.org/stable/c/896f1a2493b59beb2b5ccdf990503dbb16cb2256
https://git.kernel.org/stable/c/917a9d02182ac8b4f25eb47dc02f3ec679608c24
https://git.kernel.org/stable/c/a778912b4a53587ea07d85526d152f85d109cbfe
https://git.kernel.org/stable/c/e441db07f208184e0466abf44b389a81d70c340e
https://git.kernel.org/stable/c/ecbb12caf399d7cf364b7553ed5aebeaa2f255bc
https://git.kernel.org/stable/c/f0923011c1261b33a2ac1de349256d39cb750dd0
https://cert-portal.siemens.com/productcert/html/ssa-253495.html