Linux Kernel Vulnerability in i40e Driver Affecting Descriptor Management
CVE-2025-39973

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 15 October 2025

What is CVE-2025-39973?

A vulnerability in the i40e driver within the Linux kernel allows the ring_len parameter provided by a virtual function (VF) to be assigned directly to the hardware memory context without adequate validation, which could lead to various unintended behaviors. The fix adds an upper-bound check for both transmit (Tx) and receive (Rx) queue lengths so that they cannot exceed the hardware's maximum of 8k-32 descriptors. It also enforces alignment constraints: Tx ring lengths must be a multiple of 8 and Rx ring lengths a multiple of 32.
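The check described above, sketched as a user-space C example added here for illustration; it is not the kernel's i40e code. The struct, function and macro names are hypothetical, and only the limits (8k-32 descriptors, Tx multiple of 8, Rx multiple of 32) come from the description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; the limits are the ones stated in the description. */
#define RING_LEN_MAX  (8 * 1024 - 32)   /* 8k-32 = 8160 descriptors */
#define TX_RING_ALIGN 8
#define RX_RING_ALIGN 32

enum ring_dir { RING_TX, RING_RX };

/* Hypothetical stand-in for the hardware queue context. */
struct hw_queue_ctx {
    uint16_t qlen;
};

/*
 * Validate the VF-supplied ring_len before it reaches the context.
 * On failure the context is left untouched and -EINVAL is returned.
 */
int vf_set_ring_len(struct hw_queue_ctx *ctx, enum ring_dir dir,
                    uint32_t ring_len)
{
    uint32_t align = (dir == RING_TX) ? TX_RING_ALIGN : RX_RING_ALIGN;

    if (ring_len > RING_LEN_MAX)      /* upper bound: hardware maximum */
        return -EINVAL;
    if (ring_len % align != 0)        /* per-direction alignment */
        return -EINVAL;

    ctx->qlen = (uint16_t)ring_len;   /* fits: 8160 < 65536 */
    return 0;
}

int main(void)
{
    /* Constructed sample requests, not captured from a real VF. */
    uint32_t samples[] = { 512, 520, 8160, 8168, 8192, 70000 };
    struct hw_queue_ctx ctx = { 0 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("ring_len=%u tx=%d rx=%d\n", (unsigned)samples[i],
               vf_set_ring_len(&ctx, RING_TX, samples[i]),
               vf_set_ring_len(&ctx, RING_RX, samples[i]));
    return 0;
}
```

A length of 520 shows why the alignment is checked per direction: it is accepted for a Tx ring but rejected for an Rx ring.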

Affected Version(s)

Linux 5c3c48ac6bf56367c4e89f6453cd2d61e50375bd < 0543d40d6513cdf1c7882811086e59a6455dfe97

Linux 5c3c48ac6bf56367c4e89f6453cd2d61e50375bd < 7d749e38dd2b7e8a80da2ca30c93e09de95bfcf9

Linux 5c3c48ac6bf56367c4e89f6453cd2d61e50375bd < 45a7527cd7da4cdcf3b06b5c0cb1cae30b5a5985
