CVE-2025-39810 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-131 — Incorrect Calculation of Buffer Size CWE-22 — Path Traversal24 documents7 sources

Severity

7.8HIGHNVD

OSV3.2

EPSS

0.0%

top 96.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +16 more

Timeline

PublishedSep 16

Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix memory corruption when FW resources change during ifdown bnxt_set_dflt_rings() assumes that it is always called before any TC has been created. So it doesn't take bp->num_tc into account and assumes that it is always 0 or 1. In the FW resource or capability change scenario, the FW will return flags in bnxt_hwrm_if_change() that will cause the driver to reinitialize and call bnxt_cancel_reservations(). This will l…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

▶NVDlinux/linux_kernel5.4 — 6.12.45+2

▶Debianlinux/linux_kernel< 6.12.48-1+1

▶Ubuntulinux/linux_kernel< 6.8.0-106.106

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.104.2-4_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-raspi, linux-raspi-realtime vulnerabilities↗2026-04-01

▶

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

OSV

linux-azure vulnerabilities↗2026-03-25

▶

OSV

linux-aws-6.8 vulnerabilities↗2026-03-23

▶

OSV

linux-realtime, linux-realtime-6.8 vulnerabilities↗2026-03-17

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2026-03-23

▶

External resources

NVD MITRE

Affected products19

Debian Linuxfixed in linux 6.16.5-1 (forky)

Linux≥ ec5d31e3c15d5233b491400133c67f78a320062c, < d00e98977ef519280b075d783653e2c492fffbb6≥ ec5d31e3c15d5233b491400133c67f78a320062c, < 9ab6a9950f152e094395d2e3967f889857daa185≥ ec5d31e3c15d5233b491400133c67f78a320062c, < 2747328ba2714f1a7454208dbbc1dc0631990b4a+1 more

Linux Kernel≥ 0, < 6.12.48-1≥ 0, < 6.16.5-1≥ 5.4, < 6.12.45+3 more

Msrc Azl3 Busybox 1.36.1-11 ON Azure Linux 3.0

Msrc Azl3 Busybox 1.36.1-12 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.104.2-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.112.1-2 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.117.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-3 ON Azure Linux 3.0

Disclosure

PublishedSep 16, 2025

Latest updateApr 9, 2026