-

CVE-2025-39911

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration
later than the first, the error path wants to free the IRQs requested
so far. However, it uses the wrong dev_id argument for free_irq(), so
it does not free the IRQs correctly and instead triggers the warning:

 Trying to free already-free IRQ 173
 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0
 Modules linked in: i40e(+) [...]
 CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
 Hardware name: [...]
 RIP: 0010:__free_irq+0x192/0x2c0
 [...]
 Call Trace:
  <TASK>
  free_irq+0x32/0x70
  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]
  i40e_vsi_request_irq+0x79/0x80 [i40e]
  i40e_vsi_open+0x21f/0x2f0 [i40e]
  i40e_open+0x63/0x130 [i40e]
  __dev_open+0xfc/0x210
  __dev_change_flags+0x1fc/0x240
  netif_change_flags+0x27/0x70
  do_setlink.isra.0+0x341/0xc70
  rtnl_newlink+0x468/0x860
  rtnetlink_rcv_msg+0x375/0x450
  netlink_rcv_skb+0x5c/0x110
  netlink_unicast+0x288/0x3c0
  netlink_sendmsg+0x20d/0x430
  ____sys_sendmsg+0x3a2/0x3d0
  ___sys_sendmsg+0x99/0xe0
  __sys_sendmsg+0x8a/0xf0
  do_syscall_64+0x82/0x2c0
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  [...]
  </TASK>
 ---[ end trace 0000000000000000 ]---

Use the same dev_id for free_irq() as for request_irq().

I tested this with inserting code to fail intentionally.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
Product Linux
Default Statusunaffected
Version < 13ab9adef3cd386511c930a9660ae06595007f89
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < 6e4016c0dca53afc71e3b99e24252b63417395df
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < b9721a023df38cf44a88f2739b4cf51efd051f85
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < b905b2acb3a0bbb08ad9be9984d8cdabdf827315
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < 23431998a37764c464737b855c71a81d50992e98
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < a30afd6617c30aaa338d1dbcb1e34e7a1890085c
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < c62580674ce5feb1be4f90b5873ff3ce50e0a1db
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
Version < 915470e1b44e71d1dd07ee067276f003c3521ee3
Version 493fb30011b3ab5173cef96f1d1ce126da051792
Status affected
VendorLinux
Product Linux
Default Statusaffected
Version 3.13
Status affected
Version < 3.13
Version 0
Status unaffected
Version <= 5.4.*
Version 5.4.300
Status unaffected
Version <= 5.10.*
Version 5.10.245
Status unaffected
Version <= 5.15.*
Version 5.15.194
Status unaffected
Version <= 6.1.*
Version 6.1.153
Status unaffected
Version <= 6.6.*
Version 6.6.107
Status unaffected
Version <= 6.12.*
Version 6.12.48
Status unaffected
Version <= 6.16.*
Version 6.16.8
Status unaffected
Version <= *
Version 6.17
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.081
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string