VYPR
Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Jun 2, 2026

CVE-2025-40252

CVE-2025-40252

Description

In the Linux kernel, the following vulnerability has been resolved:

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array.

Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

118

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.