Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-37911— bnxt_en: Fix out-of-bound memcpy() during ethtool -w

EPSS 0.13% · P31

Affected Version Matrix 16

VendorProductVersion RangeStatus
LinuxLinuxc74751f4c39232c31214ec6a3bc1c7e62f5c728b< 69b10dd23ab826d0c7f2d9ab311842251978d0c1affected
c74751f4c39232c31214ec6a3bc1c7e62f5c728b< 43292b83424158fa6ec458799f3cb9c54d18c484affected
c74751f4c39232c31214ec6a3bc1c7e62f5c728b< 4d69864915a3a052538e4ba76cd6fd77cfc64ebeaffected
c74751f4c39232c31214ec6a3bc1c7e62f5c728b< 44807af79efd0d78fa36383dd865ddfe7992c0a6affected
c74751f4c39232c31214ec6a3bc1c7e62f5c728b< 44d81a9ebf0cad92512e0ffdf7412bfe20db66ecaffected
c74751f4c39232c31214ec6a3bc1c7e62f5c728b< 6b87bd94f34370bbf1dfa59352bed8efab5bf419affected
4bf973a1f84aefb64750bdb3afe72d54de3199d7affected
a76837dd731b68cc3b5690470bc9efa2a8e3801aaffected
… +8 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-37911

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
bnxt_en: Fix out-of-bound memcpy() during ethtool -w
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45): __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] ethtool_get_dump_data+0xdc/0x1a0 __dev_ethtool+0xa1e/0x1af0 dev_ethtool+0xa8/0x170 dev_ioctl+0x1b5/0x580 sock_do_ioctl+0xab/0xf0 sock_ioctl+0x1ce/0x2e0 __x64_sys_ioctl+0x87/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x78/0x80 ... This happens when copying the coredump segment list in bnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command. The info->dest_buf buffer is allocated based on the number of coredump segments returned by the FW. The segment list is then DMA'ed by the FW and the length of the DMA is returned by FW. The driver then copies this DMA'ed segment list to info->dest_buf. In some cases, this DMA length may exceed the info->dest_buf length and cause the above BUG condition. Fix it by capping the copy length to not exceed the length of info->dest_buf. The extra DMA data contains no useful information. This code path is shared for the HWRM_DBG_COREDUMP_LIST and the HWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different for these 2 FW commands. To simplify the logic, we need to move the line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE up, so that the new check to cap the copy length will work for both commands.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于bnxt_en模块在ethtool获取固件转储时内存拷贝越界,可能导致内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux c74751f4c39232c31214ec6a3bc1c7e62f5c728b ~ 69b10dd23ab826d0c7f2d9ab311842251978d0c1 -
LinuxLinux 5.5 -

II. Public POCs for CVE-2025-37911

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-37911

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-05-20 · 95 CVEs total

CVE-2025-379249.8 CRITICALksmbd: fix use-after-free in kerberos authentication
CVE-2025-37958mm/huge_memory: fix dereferencing invalid pmd migration entry
CVE-2025-37954smb: client: Avoid race in open_cached_dir with lease breaks
CVE-2025-37953sch_htb: make htb_deactivate() idempotent
CVE-2025-37949xenbus: Use kref to track req lifetime
CVE-2025-37948arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
CVE-2025-37947ksmbd: prevent out-of-bounds stream writes by validating *pos
CVE-2025-37946s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs
CVE-2025-37945net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
CVE-2025-37950ocfs2: fix panic in failed foilio allocation
CVE-2025-37957KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
CVE-2025-37956ksmbd: prevent rename with empty string
CVE-2025-37960memblock: Accept allocated memory before use in memblock_double_array()
CVE-2025-37959bpf: Scrub packet on bpf_redirect_peer
CVE-2025-37961ipvs: fix uninit-value for saddr in do_output_route4
CVE-2025-37963arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
CVE-2025-37962ksmbd: fix memory leak in parse_lease_state()
CVE-2025-37964x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
CVE-2025-37965drm/amd/display: Fix invalid context error in dml helper
CVE-2025-37967usb: typec: ucsi: displayport: Fix deadlock

Showing top 20 of 95 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-37911

No comments yet

Leave a comment