CVE-2025-71092
EUVD-2026-224013.01.2026, 16:16
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats()
Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters
update") added three new counters and placed them after
BNXT_RE_OUT_OF_SEQ_ERR.
BNXT_RE_OUT_OF_SEQ_ERR acts as a boundary marker for allocating hardware
statistics with different num_counters values on chip_gen_p5_p7 devices.
As a result, BNXT_RE_NUM_STD_COUNTERS are used when allocating
hw_stats, which leads to an out-of-bounds write in
bnxt_re_copy_err_stats().
The counters BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, and
BNXT_RE_RESP_REMOTE_ACCESS_ERRS are applicable to generic hardware, not
only p5/p7 devices.
Fix this by moving these counters before BNXT_RE_OUT_OF_SEQ_ERR so they
are included in the generic counter set.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 6.18.1 ≤ 𝑥 < 6.18.4 |
| linux | linux_kernel | 6.18 |
| linux | linux_kernel | 6.19:rc1 |
| linux | linux_kernel | 6.19:rc2 |
| linux | linux_kernel | 6.19:rc3 |
| linux | linux_kernel | 6.19:rc4 |
| linux | linux_kernel | 6.19:rc5 |
| linux | linux_kernel | 6.19:rc6 |
| linux | linux_kernel | 6.19:rc7 |
| linux | linux_kernel | 6.19:rc8 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
Vulnerability Media Exposure