Linux Kernel BNXT Driver Denial-of-Service Vulnerability via Queue Memory Allocation

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's BNXT Ethernet driver. The issue arises in the 'bnxt_queue_mem_alloc()' function, which allocates memory for queue buffers when a queue is restarted. If this function is called while the network interface is down, it can lead to a kernel panic. This occurs because the function tries to access receive buffer descriptors that are only available when the interface is active. When the interface is down, these descriptors are freed, causing a page fault and a subsequent crash. The vulnerability has been observed in Linux kernel version 6.14.0-rc2.
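The failure condition described above, as a simplified user-space C model added here for illustration; it is not code from the bnxt driver or from any kernel patch. The names nic, rx_ring, nic_open, nic_close, queue_mem_alloc and demo are hypothetical, and the guard is one assumed way to reject the call while the interface is down instead of reading freed descriptors.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical user-space model, not the bnxt driver's types; demo() uses constructed values. */
struct rx_ring { unsigned int nr_desc; };
struct nic {
    unsigned int nr_rings;
    struct rx_ring *rx_ring;   /* allocated on open, freed and NULL while down */
};

int nic_open(struct nic *n, unsigned int nr_rings, unsigned int nr_desc)
{
    n->rx_ring = calloc(nr_rings, sizeof(*n->rx_ring));
    if (!n->rx_ring)
        return -ENOMEM;
    for (unsigned int i = 0; i < nr_rings; i++)
        n->rx_ring[i].nr_desc = nr_desc;
    n->nr_rings = nr_rings;
    return 0;
}

void nic_close(struct nic *n)
{
    free(n->rx_ring);
    n->rx_ring = NULL;         /* descriptors do not exist while down */
}

int queue_mem_alloc(const struct nic *n, unsigned int idx, struct rx_ring *clone)
{
    if (!n->rx_ring)
        return -ENETDOWN;      /* assumed guard: refuse while interface is down */
    if (idx >= n->nr_rings)
        return -EINVAL;
    clone->nr_desc = n->rx_ring[idx].nr_desc;   /* safe: ring is live */
    return 0;
}

int demo(int down)
{
    struct nic n = {0};
    struct rx_ring clone = {0};
    int rc = nic_open(&n, 4, 512);
    if (rc == 0 && down)
        nic_close(&n);         /* interface taken down before the restart */
    if (rc == 0)
        rc = queue_mem_alloc(&n, 0, &clone);
    nic_close(&n);
    return rc ? rc : (int)clone.nr_desc;
}
```

With the interface down, demo(1) returns -ENETDOWN to the caller; without the guard, the same call would dereference the freed ring array.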

Impact

Exploitation of this vulnerability causes a kernel panic, leading to a system crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.