CVE-2025-40264

beinsertvlaninpkt() is called with the wrbparams argument being NULL at besendpktto_bmc() call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific packet, as commit bc0c3405abbb ("be2net: fix a Tx stall bug caused by a specific ipv6 packet") states.

The correct way would be to pass the wrbparams from bexmit().

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40264.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

760c295e0e8d982917d004c9095cff61c0cbd803

Fixed

48d59b60dd5d7e4c48c077a2008c9dcd7b59bdfe

Fixed

f499dfa5c98e92e72dd454eb95a1000a448f3405

Fixed

630360c6724e27f1aa494ba3fffe1e38c4205284

Fixed

012ee5882b1830db469194466a210768ed207388

Fixed

ce0a3699244aca3acb659f143c9cb1327b210f89

Fixed

1ecd86ec6efddb59a10c927e8e679f183bb9113e

Fixed

4c4741f6e7f2fa4e1486cb61e1c15b9236ec134d

Fixed

7d277a7a58578dd62fd546ddaef459ec24ccae36

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40264.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

5.4.302

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.247

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.197

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.159

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.118

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.60

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40264.json"