CVE-2025-39970 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f
https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b
https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9
https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a
https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222
https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88
https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400
https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817

History

Wed, 15 Oct 2025 08:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference.
Title		i40e: fix input validation logic for action_meta
References		https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9 https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222 https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88 https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400 https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-15T07:55:53.610Z

Updated: 2025-10-15T07:55:53.610Z

Reserved: 2025-04-16T07:20:57.149Z

Link: CVE-2025-39970

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-15T08:15:34.620

Modified: 2025-10-15T08:15:34.620

Link: CVE-2025-39970

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39970", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.149Z", "datePublished": "2025-10-15T07:55:53.610Z", "dateUpdated": "2025-10-15T07:55:53.610Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-15T07:55:53.610Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check 'greater or equal' to prevent OOB dereference."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "versions": [{"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "a88c1b2746eccf00e2094b187945f0f1e990b400", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "28465770ca3b694286ff9ed6dfd558413f57d98f", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "f8c8e11825b24661596fa8db2f0981ba17ed0817", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "461e0917eedcd159d87f3ea846754a1e07d7e78a", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "3883e9702b6a4945e93b16c070f338a9f5b496f9", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "560e1683410585fbd5df847f43433c4296f0d222", "status": "affected", "versionType": "git"}, {"version": "e284fc280473bed23f2e1ed324e102a48f7d17e1", "lessThan": "9739d5830497812b0bdeaee356ddefbe60830b88", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.300", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.245", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.194", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.155", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.109", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.50", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.10", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "5.4.300"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "5.10.245"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "5.15.194"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.1.155"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.6.109"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.12.50"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.16.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400"}, {"url": "https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f"}, {"url": "https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817"}, {"url": "https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a"}, {"url": "https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9"}, {"url": "https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b"}, {"url": "https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222"}, {"url": "https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88"}], "title": "i40e: fix input validation logic for action_meta", "x_generator": {"engine": "bippy-1.2.0"}}}}