Kernel Vulnerability in qed Drivers Affecting Linux Systems
CVE-2025-39949
Currently unrated
What is CVE-2025-39949?
A vulnerability in the Linux kernel's qed drivers can lead to a buffer overflow that causes a kernel panic. When firmware returns an excessive number of protection override GRC elements, the driver attempts to write beyond the allocated memory buffer, triggering a critical error. This can occur through either the qede Ethernet driver path or the qedf storage driver path. The issue underscores the importance of capping the firmware's return values before the driver acts on them, so that an out-of-range count cannot cause system instability.
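The capping described above, as an added userspace C sketch that is not the kernel's code or the upstream patch. The element size, buffer capacity, guard word and all function names are hypothetical, and the firmware window is a constructed array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes for this sketch; not taken from the qed driver. */
#define ELEM_DWORDS 2u            /* dwords per override element */
#define MAX_ELEMS   20u           /* elements the dump buffer is sized for */
#define DUMP_DWORDS (MAX_ELEMS * ELEM_DWORDS)
#define CANARY      0xA5A5A5A5u   /* guard word placed after the buffer */

/* Clamp a firmware-reported element count to the legal maximum. */
static uint32_t clamp_elem_count(uint32_t fw_count)
{
    return fw_count > MAX_ELEMS ? MAX_ELEMS : fw_count;
}

/* Copy the reported elements into dump[]; returns dwords written.
 * Without the clamp, fw_count * ELEM_DWORDS alone would set the copy
 * length and a large count would run past dump[DUMP_DWORDS - 1]. */
static size_t collect_override_elems(uint32_t *dump, const uint32_t *window,
                                     uint32_t fw_count)
{
    size_t dwords = (size_t)clamp_elem_count(fw_count) * ELEM_DWORDS;

    memcpy(dump, window, dwords * sizeof(*dump));
    return dwords;
}

/* Constructed case: returns dwords written, or -1 if the guard word
 * after the buffer was overwritten. */
static long run_case(uint32_t fw_count)
{
    uint32_t window[DUMP_DWORDS];    /* stands in for the device window */
    uint32_t dump[DUMP_DWORDS + 1];  /* dump buffer plus guard word */
    size_t written;

    for (uint32_t i = 0; i < DUMP_DWORDS; i++)
        window[i] = i;
    dump[DUMP_DWORDS] = CANARY;
    written = collect_override_elems(dump, window, fw_count);
    return dump[DUMP_DWORDS] == CANARY ? (long)written : -1;
}

int main(void)
{
    printf("count 3      -> %ld dwords\n", run_case(3));
    printf("count 0xFFFF -> %ld dwords\n", run_case(0xFFFFu));
    return 0;
}
```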
Affected Version(s)
Linux d52c89f120de849575f6b2e5948038f2be12ce6f < 25672c620421fa2105703a94a29a03487245e6d6
Linux d52c89f120de849575f6b2e5948038f2be12ce6f
Linux d52c89f120de849575f6b2e5948038f2be12ce6f < 8141910869596b7a3a5d9b46107da2191d523f82