CVE-2025-22112: eth: bnxt: fix out-of-range access of vnic_info array

Description

In the Linux kernel, the following vulnerability has been resolved:

eth: bnxt: fix out-of-range access of vnic_info array

The bnxt_queue_{start | stop}() access vnic_info as much as allocated,
which indicates bp->nr_vnics.
So, it should not reach bp->vnic_info[bp->nr_vnics].

Classification

CVE ID: CVE-2025-22112

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.26% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-20 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22112
https://git.kernel.org/stable/c/b1e081d331ab3a0dea25425f2b6ddeb365fc9d22
https://git.kernel.org/stable/c/919f9f497dbcee75d487400e8f9815b74a6a37df

Timeline