101 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: Fixed the truesize for the mb-xdp-pass case. When mb-xdp is set and return is XDPPASS, the packet is converted from xdpbuff to skbuff using xdpupdateskbsharedinfo in bnxtxdpbuildskb. However, bnxtxdpbuildskb passes an...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxtxdpbuildskb The bnxtrxpkt function updates the ipsummed value at the end if the checksum offload is enabled. When the XDP-MB program is executed and returns XDPPASS, the bnxtxdpbuildskb...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fixed a possible memory leak. This issue occurs in bnxtresetupchipctx, when bnxtqplibmapdbbar fails; the driver does not free the memory allocated for “rdev-chipctx”...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RX consumer index logic in the error path. In bnxtrxpkt, the RX buffers are expected to complete in order. If the RX consumer index indicates an out-of-order buffer completion, it means we are encountering a...
CVE-2026-43034 bnxt_en: set backing store type from query type
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
SUSE CVE-2026-31395
In the Linux kernel, the following vulnerability has been resolved: bnxten: fix OOB access in DBGBUFPRODUCER async event handler The ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER handler in bnxtasynceventprocess uses a firmware-supplied 'type' field directly as an index into bp-bstrace without bounds...
SUSE CVE-2026-23041
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer crash in bnxtptpenable during error cleanup When bnxtinitone fails during initialization e.g., bnxtinitintmode returns -ENODEV, the error path calls bnxtfreehwrmresources which destroys the DMA pool and...
CVE-2026-23041
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer crash in bnxtptpenable during error cleanup When bnxtinitone fails during initialization e.g., bnxtinitintmode returns -ENODEV, the error path calls bnxtfreehwrmresources which destroys the DMA pool and...
CVE-2026-23041
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer crash in bnxtptpenable during error cleanup When bnxtinitone fails during initialization e.g., bnxtinitintmode returns -ENODEV, the error path calls bnxtfreehwrmresources which destroys the DMA pool and...
UBUNTU-CVE-2026-23041
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer crash in bnxtptpenable during error cleanup When bnxtinitone fails during initialization e.g., bnxtinitintmode returns -ENODEV, the error path calls bnxtfreehwrmresources which destroys the DMA pool and...
ROS-20260120-7349
A vulnerability in the drivers/net/ethernet/broadcom/bnxt component of the Linux kernel is related to duplicate operations on a resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
UBUNTU-CVE-2025-71092
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fix OOB write in bnxtrecopyerrstats Commit ef56081d1864 "RDMA/bnxtre: RoCE related hardware counters update" added three new counters and placed them after BNXTREOUTOFSEQERR. BNXTREOUTOFSEQERR acts as a boundary mark...
CVE-2025-68770
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix XDPTX path For XDPTX action in bnxtrxxdp, clearing of the event flags is not correct. bnxtpollwork - bnxtrxpkt - bnxtrxxdp may be looping within NAPI and some event flags may be set in earlier iterations. In particula...
UBUNTU-CVE-2025-68770
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix XDPTX path For XDPTX action in bnxtrxxdp, clearing of the event flags is not correct. bnxtpollwork - bnxtrxpkt - bnxtrxxdp may be looping within NAPI and some event flags may be set in earlier iterations. In particula...
PT-2026-6111
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19-rc3 Description The Broadcom network driver in the Linux kernel contains a flaw related to PTP Precision Time Protocol handling. Specifically, a NULL pointer dereference can occur in the bnxt ptp enable...
PT-2025-53046
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s RDMA/bnxt re component related to handling completions after queue pair QP destruction. Hardware may generate completions even after a QP is destroyed...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that RDMA bnxtre may process completion events even after destroying QPs, potentially leadin...
SUSE CVE-2025-68197
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...
CVE-2025-68197
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...
CVE-2025-68197
The CVE-2025-68197 issue affects the Linux kernel bnxt_en driver. It fixes a null pointer dereference in bnxt_bs_trace_check_wrap() that could occur when FW trace data type is uninitialized on older FW, leading to a crash in bnxt_bs_trace_type_wrap(). The patch adds a guard to verify a valid magi...