Out-of-Bounds Read Vulnerability in Linux Kernel by QLogic
CVE-2025-40252
Currently unrated
What is CVE-2025-40252?
A security vulnerability in the Linux kernel affects QLogic devices, specifically the functions 'qede_tpa_cont()' and 'qede_tpa_end()'. In these functions, loops iterate over 'cqe->len_list[]' without a proper stopping condition, so a missing or malformed length terminator can lead to out-of-bounds reads. This could allow unauthorized access to memory beyond the bounds of the intended array. Preventing it requires a bound check using ARRAY_SIZE() in these loops.
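The loop pattern described above, as an added userspace illustration rather than the kernel's own code: a terminator-only walk next to a walk bounded with ARRAY_SIZE(). The struct `demo_cqe`, the size `LEN_LIST_SIZE`, the function names and the sample values are assumptions made for the example, and the terminator-only walk runs over a flat constructed buffer so the demo itself never reads outside its own memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define LEN_LIST_SIZE 6 /* assumed array size, for illustration only */

/* Hypothetical stand-in for the completion entry; only the length list is modelled. */
struct demo_cqe { uint16_t len_list[LEN_LIST_SIZE]; };

/* Constructed sample: all six slots non-zero (terminator missing), then two
 * values standing in for whatever follows the array, then a zero. */
static const uint16_t sample_mem[LEN_LIST_SIZE + 3] =
    { 1500, 1500, 1500, 1500, 1500, 1500, 0xdead, 0xbeef, 0 };

/* Terminator-only pattern: a zero entry is the only thing that ends the walk.
 * mem_len exists solely to keep this demo inside its own buffer. */
static size_t walk_terminator_only(const uint16_t *mem, size_t mem_len, uint32_t *bytes)
{
    size_t i;
    *bytes = 0;
    for (i = 0; i < mem_len && mem[i]; i++)
        *bytes += mem[i];
    return i;
}

/* Bounded pattern: the index is checked against ARRAY_SIZE() before the read. */
static size_t walk_bounded(const struct demo_cqe *cqe, uint32_t *bytes)
{
    size_t i;
    *bytes = 0;
    for (i = 0; i < ARRAY_SIZE(cqe->len_list) && cqe->len_list[i]; i++)
        *bytes += cqe->len_list[i];
    return i;
}

/* Number of entries the terminator-only walk consumes from beyond len_list[]. */
static size_t demo_overrun(void)
{
    struct demo_cqe cqe;
    uint32_t b1, b2;
    memcpy(cqe.len_list, sample_mem, sizeof(cqe.len_list));
    return walk_terminator_only(sample_mem, ARRAY_SIZE(sample_mem), &b1)
         - walk_bounded(&cqe, &b2);
}

int main(void)
{
    printf("entries read past len_list[]: %zu\n", demo_overrun());
    return 0;
}
```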
Affected Version(s)
Linux 55482edc25f0606851de42e73618f813f310d009
Linux 55482edc25f0606851de42e73618f813f310d009 < 917a9d02182ac8b4f25eb47dc02f3ec679608c24