CVE-2025-22112: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel was identified and assigned CVE-2025-22112, discovered on April 16, 2025. The issue involves an out-of-range access of the vnicinfo array in the bnxt network driver. Specifically, the bnxtqueue{start | stop}() functions access vnicinfo beyond its allocated size, which is determined by bp->nr_vnics (NVD Database, Debian Tracker).

The vulnerability is related to array boundary issues in the Linux kernel's bnxt network driver. The CVSS v3.1 score is 5.5 (Low severity) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical issue stems from the bnxtqueue{start | stop}() functions accessing the vnicinfo array beyond its allocated size (bp->nrvnics), potentially leading to out-of-bounds access (Red Hat Security).

The vulnerability has been assessed with a Low impact rating. According to the CVSS metrics, while the vulnerability requires local access and low privileges, it could potentially lead to high availability impact on the affected system. There are no confidentiality or integrity impacts noted (Red Hat Security).

The vulnerability has been fixed in various Linux distributions. Debian has marked the issue as fixed in bullseye (5.10.234-1) and bookworm (6.1.133-1) releases. Red Hat Enterprise Linux versions 6, 8, and 9 are not affected by this vulnerability (Debian Tracker, Red Hat Security).