Heap Overflow Vulnerability in Linux Kernel's e1000e Driver
CVE-2025-39898

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2025-39898?

A heap overflow vulnerability exists in the e1000_set_eeprom function of the Linux kernel's e1000e driver. An attacker who can manipulate the length of an EEPROM change request could exploit the driver and cause unintended memory corruption. The vulnerability has been addressed by improving input validation and changing the types of the related variables.

Affected Version(s)

Linux bc7f75fa97884d41efbfde1397b621fefb2550b4

Linux bc7f75fa97884d41efbfde1397b621fefb2550b4 < 99a8772611e2d7ec318be7f0f072037914a1f509

Timeline

  • Vulnerability published

  • Vulnerability reserved
