7.8

CVE-2025-39911

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration
later than the first, the error path wants to free the IRQs requested
so far. However, it uses the wrong dev_id argument for free_irq(), so
it does not free the IRQs correctly and instead triggers the warning:

 Trying to free already-free IRQ 173
 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0
 Modules linked in: i40e(+) [...]
 CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
 Hardware name: [...]
 RIP: 0010:__free_irq+0x192/0x2c0
 [...]
 Call Trace:
  <TASK>
  free_irq+0x32/0x70
  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]
  i40e_vsi_request_irq+0x79/0x80 [i40e]
  i40e_vsi_open+0x21f/0x2f0 [i40e]
  i40e_open+0x63/0x130 [i40e]
  __dev_open+0xfc/0x210
  __dev_change_flags+0x1fc/0x240
  netif_change_flags+0x27/0x70
  do_setlink.isra.0+0x341/0xc70
  rtnl_newlink+0x468/0x860
  rtnetlink_rcv_msg+0x375/0x450
  netlink_rcv_skb+0x5c/0x110
  netlink_unicast+0x288/0x3c0
  netlink_sendmsg+0x20d/0x430
  ____sys_sendmsg+0x3a2/0x3d0
  ___sys_sendmsg+0x99/0xe0
  __sys_sendmsg+0x8a/0xf0
  do_syscall_64+0x82/0x2c0
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  [...]
  </TASK>
 ---[ end trace 0000000000000000 ]---

Use the same dev_id for free_irq() as for request_irq().

I tested this with inserting code to fail intentionally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.13 < 5.4.300
LinuxLinux Kernel Version >= 5.5 < 5.10.245
LinuxLinux Kernel Version >= 5.11 < 5.15.194
LinuxLinux Kernel Version >= 5.16 < 6.1.153
LinuxLinux Kernel Version >= 6.2 < 6.6.107
LinuxLinux Kernel Version >= 6.7 < 6.12.48
LinuxLinux Kernel Version >= 6.13 < 6.16.8
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
LinuxLinux Kernel Version6.17 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.043
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98
Patch
https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3
Patch
https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c
Patch
https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315
Patch
https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db
Patch
https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89
Patch
https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df
Patch
https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory