2 matches found
EUVD-2026-18772
In the Linux kernel, the following vulnerability has been resolved: bnxten: fix OOB access in DBGBUFPRODUCER async event handler The ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER handler in bnxtasynceventprocess uses a firmware-supplied 'type' field directly as an index into bp-bstrace without bounds...
CVE-2026-31395
The CVE-2026-31395 issue affects the bnxt_en driver in the Linux kernel. The ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler uses a firmware‑supplied 16‑bit type field as an index into bp->bs_trace[] without proper bounds validation, allowing values 0–65535 to trigger out‑of‑bounds access i...