VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-257x-4nsw-dbfr

Essentials
Severities (11)
References (27)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-257x-4nsw-dbfr
Aliases	CVE-2025-21961
Summary	kernel: eth: bnxt: fix truesize for mb-xdp-pass case
Status	Published
Exploitability	0.5
Weighted Severity	4.4
Risk	2.2
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-665

Improper Initialization

System	Score	Found at
cvssv3	4.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21961.json
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-21961
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-21961
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-21961
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.5	https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802
ssvc	Track	https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802
cvssv3.1	5.5	https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2
ssvc	Track	https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2
cvssv3.1	5.5	https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62
ssvc	Track	https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21961.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-21961
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
19107e71be330dbccb9f8f9f4cf0a9abeadad802		https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802
2356584		https://bugzilla.redhat.com/show_bug.cgi?id=2356584
9f7b2aa5034e24d3c49db73d5f760c0435fe31c2		https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2
b4679807c6083ade4d47f03f80da891afcb6ef62		https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62
RHSA-2025:9080		https://access.redhat.com/errata/RHSA-2025:9080
RHSA-2025:9896		https://access.redhat.com/errata/RHSA-2025:9896
USN-7605-1		https://usn.ubuntu.com/7605-1/
USN-7605-2		https://usn.ubuntu.com/7605-2/
USN-7606-1		https://usn.ubuntu.com/7606-1/
USN-7628-1		https://usn.ubuntu.com/7628-1/
USN-7764-1		https://usn.ubuntu.com/7764-1/
USN-7764-2		https://usn.ubuntu.com/7764-2/
USN-7765-1		https://usn.ubuntu.com/7765-1/
USN-7766-1		https://usn.ubuntu.com/7766-1/
USN-7767-1		https://usn.ubuntu.com/7767-1/
USN-7767-2		https://usn.ubuntu.com/7767-2/
USN-7779-1		https://usn.ubuntu.com/7779-1/
USN-7790-1		https://usn.ubuntu.com/7790-1/
USN-7800-1		https://usn.ubuntu.com/7800-1/
USN-7801-1		https://usn.ubuntu.com/7801-1/
USN-7801-2		https://usn.ubuntu.com/7801-2/
USN-7801-3		https://usn.ubuntu.com/7801-3/
USN-7802-1		https://usn.ubuntu.com/7802-1/
USN-7809-1		https://usn.ubuntu.com/7809-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21961.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:15:46Z/ Found at https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:15:46Z/ Found at https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:15:46Z/ Found at https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62

Exploit Prediction Scoring System (EPSS)

Percentile	0.02911
EPSS Score	0.00014
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:47:00.519314+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21961.json	38.6.0