CVE-2025-39784

EPSS 0.02%
Veröffentlicht 11.09.2025 16:56:34
Zuletzt bearbeitet 15.09.2025 15:22:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix link speed calculation on retrain failure

When pcie_failed_link_retrain() fails to retrain, it tries to revert to the
previous link speed.  However it calculates that speed from the Link
Control 2 register without masking out non-speed bits first.

PCIE_LNKCTL2_TLS2SPEED() converts such incorrect values to
PCI_SPEED_UNKNOWN (0xff), which in turn causes a WARN splat in
pcie_set_target_speed():

  pci 0000:00:01.1: [1022:14ed] type 01 class 0x060400 PCIe Root Port
  pci 0000:00:01.1: broken device, retraining non-functional downstream link at 2.5GT/s
  pci 0000:00:01.1: retraining failed
  WARNING: CPU: 1 PID: 1 at drivers/pci/pcie/bwctrl.c:168 pcie_set_target_speed
  RDX: 0000000000000001 RSI: 00000000000000ff RDI: ffff9acd82efa000
  pcie_failed_link_retrain
  pci_device_add
  pci_scan_single_device

Mask out the non-speed bits in PCIE_LNKCTL2_TLS2SPEED() and
PCIE_LNKCAP_SLS2SPEED() so they don't incorrectly return PCI_SPEED_UNKNOWN.

[bhelgaas: commit log, add details from https://lore.kernel.org/r/1c92ef6bcb314ee6977839b46b393282e4f52e74.1750684771.git.lukas@wunner.de]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 16557320f378262b5c605b15edebd3642406992a

Version de9a6c8d5dbfedb5eb3722c822da0490f6a59a45

Status affected

Version < 9989e0ca7462c62f93dbc62f684448aa2efb9226

Version de9a6c8d5dbfedb5eb3722c822da0490f6a59a45

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.13

Status affected

Version < 6.13

Version 0

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/16557320f378262b5c605b15edebd3642406992a

https://git.kernel.org/stable/c/9989e0ca7462c62f93dbc62f684448aa2efb9226

https://nvd.nist.gov/vuln/detail/CVE-2025-39784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39784

EUVD