i40e: fix input validation logic for action_meta — CVE-2025-39970

Summary

Advisory CVE-2025-39970. i40e: fix input validation logic for action_meta Vendor: Microsoft. Source: MSRC. Threat: critical. CVSS 9.8. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• ASP.NET Security Feature Bypass Vulnerability CVE-2025-55315
• Azure Compute Resource Provider Elevation of Privilege Vulnerability CVE-2025-59503
• Azure Entra ID Elevation of Privilege Vulnerability CVE-2025-59218
• Azure Entra ID Elevation of Privilege Vulnerability CVE-2025-59246
• Azure Monitor Log Analytics Spoofing Vulnerability CVE-2025-55321
• can: j1939: implement NETDEV_UNREGISTER notification handler CVE-2025-39925
• can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow CVE-2025-39985
• can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow CVE-2025-39986
• Copilot Information Disclosure Vulnerability CVE-2025-59272
• Copilot Information Disclosure Vulnerability CVE-2025-59286
• e1000e: fix heap overflow in e1000_set_eeprom CVE-2025-39898
• fbcon: fix integer overflow in fbcon_do_set_font CVE-2025-39967