7.8

CVE-2025-39911

EPSS 0.03%
Veröffentlicht 01.10.2025 08:15:34
Zuletzt bearbeitet 16.01.2026 19:37:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration
later than the first, the error path wants to free the IRQs requested
so far. However, it uses the wrong dev_id argument for free_irq(), so
it does not free the IRQs correctly and instead triggers the warning:

 Trying to free already-free IRQ 173
 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0
 Modules linked in: i40e(+) [...]
 CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
 Hardware name: [...]
 RIP: 0010:__free_irq+0x192/0x2c0
 [...]
 Call Trace:
  <TASK>
  free_irq+0x32/0x70
  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]
  i40e_vsi_request_irq+0x79/0x80 [i40e]
  i40e_vsi_open+0x21f/0x2f0 [i40e]
  i40e_open+0x63/0x130 [i40e]
  __dev_open+0xfc/0x210
  __dev_change_flags+0x1fc/0x240
  netif_change_flags+0x27/0x70
  do_setlink.isra.0+0x341/0xc70
  rtnl_newlink+0x468/0x860
  rtnetlink_rcv_msg+0x375/0x450
  netlink_rcv_skb+0x5c/0x110
  netlink_unicast+0x288/0x3c0
  netlink_sendmsg+0x20d/0x430
  ____sys_sendmsg+0x3a2/0x3d0
  ___sys_sendmsg+0x99/0xe0
  __sys_sendmsg+0x8a/0xf0
  do_syscall_64+0x82/0x2c0
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  [...]
  </TASK>
 ---[ end trace 0000000000000000 ]---

Use the same dev_id for free_irq() as for request_irq().

I tested this with inserting code to fail intentionally.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.13 < 5.4.300

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.245

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.194

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.153

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.107

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.48

Linux ≫ Linux Kernel Version >= 6.13 < 6.16.8

Linux ≫ Linux Kernel Version6.17 Updaterc1

Linux ≫ Linux Kernel Version6.17 Updaterc2

Linux ≫ Linux Kernel Version6.17 Updaterc3

Linux ≫ Linux Kernel Version6.17 Updaterc4

Linux ≫ Linux Kernel Version6.17 Updaterc5

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98

Patch

https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3

Patch

https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c

Patch

https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315

Patch

https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db

Patch

https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89

Patch

https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df

Patch

https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-39911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39911

EUVD