CVE-2025-22108: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's bnxten driver was discovered and documented as CVE-2025-22108 on April 16, 2025. The issue relates to improper handling of the bdcnt field in the TX BD (Buffer Descriptor) which specifies the total number of BDs for the TX packet (NVD, Red Hat CVE).

The vulnerability stems from the bdcnt field in the TX BD having 5 bits with a maximum supported value of 32 (represented as 0). When CONFIGMAXSKBFRAGS is modified, the total number of SKB fragments can approach or exceed the chip's maximum supported value. Without proper masking, out-of-range bd_cnt values can corrupt the TX BD and potentially cause TX timeout. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

When exploited, this vulnerability can lead to TX BD corruption and cause TX timeout in affected systems. The impact is primarily focused on system availability, as indicated by the CVSS scoring which shows high impact on availability but no impact on confidentiality or integrity (Red Hat CVE).

A fix has been implemented that adds a macro to properly mask the bdcnt field, ensuring that the value 32 will be correctly masked and set to 0 in the bdcnt field. Additionally, a subsequent patch will implement checks for values exceeding 32 (NVD).