CVE-2025-40330

The netifclose() call in bnxtshutdown() only stops packet DMA. There may be FW DMA for trace logging (recently added) that will continue. If we kexec to a new kernel, the DMA will corrupt memory in the new kernel.

Add bnxthwrmfuncdrvunrgtr() to unregister the driver from the FW. This will stop the FW DMA. In case the call fails, call pcie_flr() to reset the function and stop the DMA.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40330.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

24d694aec139e9e0a31c60993db79bd8ad575afe

Fixed

1a8a15c3f71d1199d510ccba4bc201cbd2204048

Fixed

bc7208ca805ae6062f353a4753467d913d963bc6

Affected versions

v6.*

v6.12

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.17

v6.17-rc1

v6.17-rc2

v6.17-rc3

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.17.1

v6.17.2

v6.17.3

v6.17.4

v6.17.5

v6.17.6

v6.17.7

v6.18-rc1

v6.18-rc2

v6.18-rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40330.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40330.json"