{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39970","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.149Z","datePublished":"2025-10-15T07:55:53.610Z","dateUpdated":"2026-05-11T21:39:57.004Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:39:57.004Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check 'greater or equal' to prevent OOB dereference."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"],"versions":[{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"a88c1b2746eccf00e2094b187945f0f1e990b400","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"28465770ca3b694286ff9ed6dfd558413f57d98f","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"f8c8e11825b24661596fa8db2f0981ba17ed0817","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"461e0917eedcd159d87f3ea846754a1e07d7e78a","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"3883e9702b6a4945e93b16c070f338a9f5b496f9","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"560e1683410585fbd5df847f43433c4296f0d222","status":"affected","versionType":"git"},{"version":"e284fc280473bed23f2e1ed324e102a48f7d17e1","lessThan":"9739d5830497812b0bdeaee356ddefbe60830b88","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"],"versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","status":"unaffected","versionType":"semver"},{"version":"5.4.300","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.245","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.194","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.155","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.109","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.50","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.16.10","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.4.300"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.245"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.15.194"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.1.155"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.6.109"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.12.50"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.16.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400"},{"url":"https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f"},{"url":"https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817"},{"url":"https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a"},{"url":"https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9"},{"url":"https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b"},{"url":"https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222"},{"url":"https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88"}],"title":"i40e: fix input validation logic for action_meta","x_generator":{"engine":"bippy-1.2.0"}}}}