github - ghsa-fj8r-2x4x-2q83

ghsa-fj8r-2x4x-2q83

Vulnerability from github

Published

2025-12-09 18:30

Modified

2025-12-09 18:30

Details

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Shutdown FW DMA in bnxt_shutdown()

The netif_close() call in bnxt_shutdown() only stops packet DMA. There may be FW DMA for trace logging (recently added) that will continue. If we kexec to a new kernel, the DMA will corrupt memory in the new kernel.

Add bnxt_hwrm_func_drv_unrgtr() to unregister the driver from the FW. This will stop the FW DMA. In case the call fails, call pcie_flr() to reset the function and stop the DMA.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40330"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:17:43Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Shutdown FW DMA in bnxt_shutdown()\n\nThe netif_close() call in bnxt_shutdown() only stops packet DMA.  There\nmay be FW DMA for trace logging (recently added) that will continue.  If\nwe kexec to a new kernel, the DMA will corrupt memory in the new kernel.\n\nAdd bnxt_hwrm_func_drv_unrgtr() to unregister the driver from the FW.\nThis will stop the FW DMA.  In case the call fails, call pcie_flr() to\nreset the function and stop the DMA.",
  "id": "GHSA-fj8r-2x4x-2q83",
  "modified": "2025-12-09T18:30:35Z",
  "published": "2025-12-09T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40330"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a8a15c3f71d1199d510ccba4bc201cbd2204048"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc7208ca805ae6062f353a4753467d913d963bc6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-40330 (GCVE-0-2025-40330)

Vulnerability from cvelistv5

Published

2025-12-09 04:09

Modified

2025-12-09 04:09

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops packet DMA. There may be FW DMA for trace logging (recently added) that will continue. If we kexec to a new kernel, the DMA will corrupt memory in the new kernel. Add bnxt_hwrm_func_drv_unrgtr() to unregister the driver from the FW. This will stop the FW DMA. In case the call fails, call pcie_flr() to reset the function and stop the DMA.

References

URL

Tags

	https://git.kernel.org/stable/c/1a8a15c3f71d1199d510ccba4bc201cbd2204048
	https://git.kernel.org/stable/c/bc7208ca805ae6062f353a4753467d913d963bc6

Impacted products

Vendor

Product

Version

Version: 24d694aec139e9e0a31c60993db79bd8ad575afe
Version: 24d694aec139e9e0a31c60993db79bd8ad575afe

Version: 6.13

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1a8a15c3f71d1199d510ccba4bc201cbd2204048",
              "status": "affected",
              "version": "24d694aec139e9e0a31c60993db79bd8ad575afe",
              "versionType": "git"
            },
            {
              "lessThan": "bc7208ca805ae6062f353a4753467d913d963bc6",
              "status": "affected",
              "version": "24d694aec139e9e0a31c60993db79bd8ad575afe",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.13"
            },
            {
              "lessThan": "6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.8",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Shutdown FW DMA in bnxt_shutdown()\n\nThe netif_close() call in bnxt_shutdown() only stops packet DMA.  There\nmay be FW DMA for trace logging (recently added) that will continue.  If\nwe kexec to a new kernel, the DMA will corrupt memory in the new kernel.\n\nAdd bnxt_hwrm_func_drv_unrgtr() to unregister the driver from the FW.\nThis will stop the FW DMA.  In case the call fails, call pcie_flr() to\nreset the function and stop the DMA."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T04:09:47.251Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1a8a15c3f71d1199d510ccba4bc201cbd2204048"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc7208ca805ae6062f353a4753467d913d963bc6"
        }
      ],
      "title": "bnxt_en: Shutdown FW DMA in bnxt_shutdown()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40330",
    "datePublished": "2025-12-09T04:09:47.251Z",
    "dateReserved": "2025-04-16T07:20:57.186Z",
    "dateUpdated": "2025-12-09T04:09:47.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.