CVE-2025-39810: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39810 is a vulnerability discovered in the Linux kernel, specifically affecting the bnxt_en driver. The vulnerability was disclosed on September 16, 2025, and involves a memory corruption issue that occurs when firmware resources change during interface shutdown (NVD).

The vulnerability stems from an assumption in the bnxt_set_dflt_rings() function that it is always called before any Traffic Class (TC) is created, leading to incorrect handling of bp->num_tc values. When firmware resource or capability changes occur, the firmware returns flags in bnxt_hwrm_if_change() that trigger driver reinitialization and call bnxt_cancel_reservations(). This sequence leads to bnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() when bp->num_tc may be greater than 1, resulting in bp->tx_ring[] being sized incorrectly (NVD).

The vulnerability can lead to memory corruption in the bnxt_alloc_cp_rings() function due to improper sizing of the TX rings array. This could potentially affect system stability and security in Linux systems using the affected driver (NVD).

The issue has been addressed by properly scaling the TX rings by bp->num_tc in the affected code paths. Two helper functions have been added to determine bp->tx_nr_rings and bp->tx_nr_rings_per_tc. The fix is included in the Linux kernel version 6.12.48-1 (Debian Security).