DEBIAN-CVE-2025-40091

Source
https://security-tracker.debian.org/tracker/CVE-2025-40091
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40091.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-40091
Upstream
Published
2025-10-30T10:15:33Z
Modified
2025-10-31T08:30:02.835995Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ixgbe: fix too early devlink_free() in ixgbe_remove()

Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free() to the end.

KASAN report:

 BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]
 Read of size 8 at addr ffff0000adf813e0 by task bash/2095
 CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)
 [...]
 Call trace:
  show_stack+0x30/0x90 (C)
  dump_stack_lvl+0x9c/0xd0
  print_address_description.constprop.0+0x90/0x310
  print_report+0x104/0x1f0
  kasan_report+0x88/0x180
  __asan_report_load8_noabort+0x20/0x30
  ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]
  ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe]
  ixgbe_remove+0x2d0/0x8c0 [ixgbe]
  pci_device_remove+0xa0/0x220
  device_remove+0xb8/0x170
  device_release_driver_internal+0x318/0x490
  device_driver_detach+0x40/0x68
  unbind_store+0xec/0x118
  drv_attr_store+0x64/0xb8
  sysfs_kf_write+0xcc/0x138
  kernfs_fop_write_iter+0x294/0x440
  new_sync_write+0x1fc/0x588
  vfs_write+0x480/0x6a0
  ksys_write+0xf0/0x1e0
  __arm64_sys_write+0x70/0xc0
  invoke_syscall.constprop.0+0xcc/0x280
  el0_svc_common.constprop.0+0xa8/0x248
  do_el0_svc+0x44/0x68
  el0_svc+0x54/0x160
  el0t_64_sync_handler+0xa0/0xe8
  el0t_64_sync+0x1b0/0x1b8

References

Affected packages

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1
6.16.3-1
6.16.5-1
6.16.6-1
6.16.7-1
6.16.8-1
6.16.9-1
6.16.10-1
6.16.11-1
6.16.12-1
6.16.12-2
6.17.2-1~exp1
6.17.5-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}