CVE-2025-39968

Published: 15 Oct 2025
Source: redhat
CVSS3: 5.3

Description

In the Linux kernel, the following vulnerability has been resolved:

i40e: add max boundary check for VF filters

There is no check for max filters that VF can request. Add it.

A flaw was found in the Linux kernel's i40e network driver. A local attacker with low privileges can exploit a missing maximum boundary check for Virtual Function (VF) filters. By requesting an unbounded number of filters, the attacker can cause resource exhaustion, leading to a denial of service (DoS). This issue may also impact the confidentiality and integrity of data due to the system's compromised state.

Mitigation

Prevent the i40e kernel module from loading to mitigate this vulnerability. Create a file /etc/modprobe.d/i40e-blacklist.conf with the following content:

blacklist i40e
install i40e /bin/true

Then, regenerate the initramfs and reboot the system for the changes to take effect. This action will disable the i40e network driver, potentially impacting network functionality if i40e-based network adapters are in use. A system reboot is required for the changes to be fully applied.
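
A check for the mitigation above, as an added example that is not part of the Red Hat advisory: it confirms that both directives are present, that the module is no longer loaded, and lists the interfaces still bound to i40e. The function names and the MODPROBE_DIR / SYSFS_ROOT overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the i40e blacklist mitigation (not Red Hat's code).
# MODPROBE_DIR and SYSFS_ROOT are overridable assumptions of this example,
# so the functions can be pointed at a test tree instead of the live system.
MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# True if any *.conf file under MODPROBE_DIR has a line matching regex $1.
has_directive() {
    grep -Eqs -- "$1" "$MODPROBE_DIR"/*.conf
}

# Both lines are needed: "blacklist" only stops alias-based autoloading,
# "install ... /bin/true" also neutralises an explicit "modprobe i40e".
i40e_blacklisted() {
    has_directive '^[[:space:]]*blacklist[[:space:]]+i40e[[:space:]]*$' &&
    has_directive '^[[:space:]]*install[[:space:]]+i40e[[:space:]]+/bin/true[[:space:]]*$'
}

# True while the driver is still resident (e.g. before the reboot).
i40e_loaded() {
    [ -d "$SYSFS_ROOT/module/i40e" ]
}

# Print every network interface whose bound driver is i40e; these lose
# connectivity once the module is disabled.
i40e_interfaces() {
    for dev in "$SYSFS_ROOT"/class/net/*; do
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "i40e" ] && basename "$dev"
    done
    return 0
}

# Print a one-line summary; succeed only when the mitigation is in effect.
audit_i40e() {
    if i40e_blacklisted; then conf=present; else conf=missing; fi
    if i40e_loaded; then mod=loaded; else mod=not-loaded; fi
    nics=$(i40e_interfaces | tr '\n' ' ')
    echo "config=$conf module=$mod interfaces=${nics:-none}"
    [ "$conf" = present ] && [ "$mod" = not-loaded ]
}
```

Source the file and call audit_i40e once before applying the mitigation, to see which interfaces depend on the driver, and again after the reboot; a non-zero status means the configuration is incomplete or the module is still loaded.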

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2404115 kernel: Linux kernel i40e: Resource exhaustion via unbounded VF filter requests

5.3 Medium

CVSS3

Related vulnerabilities

ubuntu
5 months ago

In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.

nvd
5 months ago

In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.

CVSS3: 9.8
msrc
5 months ago

i40e: add max boundary check for VF filters

debian
5 months ago

In the Linux kernel, the following vulnerability has been resolved: i ...

github
5 months ago

In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.
