List Corruption in Linux Kernel Affecting bnxt Driver
CVE-2025-38246

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38246?

A vulnerability in the Linux kernel's bnxt driver has been identified that can lead to list corruption during the execution of the XDP_REDIRECT feature. This issue manifests in a crash scenario where the linked list's integrity is compromised, causing unexpected behaviors and instability within the system. When triggered, the kernel outputs an error related to list_add corruption, indicating that the next pointer's previous reference does not match expectations. This flaw poses risks, particularly in production environments utilizing advanced networking features.

Affected Version(s)

Linux a7559bc8c17c3f9a91dcbeefe8642ba757fd09e8

Linux a7559bc8c17c3f9a91dcbeefe8642ba757fd09e8 < 02bf488d56df9db4f5147280b65d9011e1ab88d2

Linux a7559bc8c17c3f9a91dcbeefe8642ba757fd09e8 < 9caca6ac0e26cd20efd490d8b3b2ffb1c7c00f6f

References

https://git.kernel.org/stable/c/c6665b8f0f58082c480ed8627...

https://git.kernel.org/stable/c/02bf488d56df9db4f5147280b...

https://git.kernel.org/stable/c/9caca6ac0e26cd20efd490d8b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025