SB20251015115 - Out-of-bounds read in Linux kernel Intel i40e driver
Published: October 15, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-39970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can trigger the out-of-bounds read and cause a denial of service (DoS).
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f
- https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b
- https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9
- https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a
- https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222
- https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88
- https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400
- https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817