{"id":"CVE-2025-39973","summary":"i40e: add validation for ring_len param","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.","modified":"2026-05-18T05:57:29.485916594Z","published":"2025-10-15T07:55:55.590Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:21080-1","SUSE-SU-2025:21147-1","SUSE-SU-2025:21180-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4111-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4135-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4188-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4301-1","SUSE-SU-2025:4315-1","SUSE-SU-2025:4320-1","SUSE-SU-2026:1185-1","SUSE-SU-2026:1188-1","SUSE-SU-2026:1212-1","SUSE-SU-2026:1221-1","SUSE-SU-2026:1222-1","SUSE-SU-2026:1225-1","SUSE-SU-2026:1236-1","SUSE-SU-2026:1239-1","SUSE-SU-2026:1242-1","SUSE-SU-2026:1244-1","SUSE-SU-2026:1248-1","SUSE-SU-2026:1259-1","SUSE-SU-2026:1263-1","SUSE-SU-2026:1268-1","SUSE-SU-2026:1269-1","SUSE-SU-2026:1271-1","SUSE-SU-2026:1278-1","SUSE-SU-2026:1280-1","SUSE-SU-2026:1281-1","SUSE-SU-2026:1283-1","SUSE-SU-2026:1285-1","SUSE-SU-2026:1287-1","SUSE-SU-2026:1297-1","SUSE-SU-2026:1298-1","SUSE-SU-2026:1304-1","SUSE-SU-2026:21007-1","SUSE-SU-2026:21008-1","SUSE-SU-2026:21043-1","SUSE-SU-2026:21044-1","SUSE-SU-2026:21045-1","SUSE-SU-2026:21046-1","SUSE-SU-2026:21047-1","SUSE-SU-2026:21048-1","SUSE-SU-2026:21049-1","SUSE-SU-2026:21050-1","SUSE-SU-2026:21053-1","SUSE-SU-2026:21054-1","SUSE-SU-2026:21055-1","SUSE-SU-2026:21056-1","SUSE-SU-2026:21057-1","SUSE-SU-2026:21058-1","SUSE-SU-2026:21059-1","SUSE-SU-2026:21060-1","SUSE-SU-2026:21061-1","SUSE-SU-2026:21073-1","SUSE-SU-2026:21074-1","SUSE-SU-2026:21075-1","SUSE-SU-2026:21076-1","SUSE-SU-2026:21077-1","SUSE-SU-2026:21078-1","SUSE-SU-2026:21079-1","SUSE-SU-2026:21080-1","SUSE-SU-2026:21083-1","SUSE-SU-2026:21084-1","SUSE-SU-2026:21085-1","SUSE-SU-2026:21086-1","SUSE-SU-2026:21087-1","SUSE-SU-2026:21088-1","SUSE-SU-2026:21089-1","SUSE-SU-2026:21090-1","SUSE-SU-2026:21091-1","SUSE-SU-2026:21096-1","SUSE-SU-2026:21099-1","SUSE-SU-2026:21217-1","SUSE-SU-2026:21219-1","openSUSE-SU-2025:20091-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39973.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0543d40d6513cdf1c7882811086e59a6455dfe97"},{"type":"WEB","url":"https://git.kernel.org/stable/c/05fe81fb9db20464fa532a3835dc8300d68a2f84"},{"type":"WEB","url":"https://git.kernel.org/stable/c/45a7527cd7da4cdcf3b06b5c0cb1cae30b5a5985"},{"type":"WEB","url":"https://git.kernel.org/stable/c/55d225670def06b01af2e7a5e0446fbe946289e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d749e38dd2b7e8a80da2ca30c93e09de95bfcf9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/afec12adab55d10708179a64d95d650741e60fe0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0c83f4cd074b75cecef107bfc349be7d516c9c4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d3b0d3f8d11fa957171fbb186e53998361a88d4e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39973.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39973"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5c3c48ac6bf56367c4e89f6453cd2d61e50375bd"},{"fixed":"0543d40d6513cdf1c7882811086e59a6455dfe97"},{"fixed":"7d749e38dd2b7e8a80da2ca30c93e09de95bfcf9"},{"fixed":"45a7527cd7da4cdcf3b06b5c0cb1cae30b5a5985"},{"fixed":"d3b0d3f8d11fa957171fbb186e53998361a88d4e"},{"fixed":"c0c83f4cd074b75cecef107bfc349be7d516c9c4"},{"fixed":"05fe81fb9db20464fa532a3835dc8300d68a2f84"},{"fixed":"afec12adab55d10708179a64d95d650741e60fe0"},{"fixed":"55d225670def06b01af2e7a5e0446fbe946289e8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39973.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.12.0"},{"fixed":"5.4.300"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.245"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.194"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.155"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.109"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.50"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.16.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39973.json"}}],"schema_version":"1.7.5"}