CVE-2025-39911
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39911
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39911.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39911
- Downstream
- Related
- Published
- 2025-10-01T07:44:34.561Z
- Modified
- 2025-11-28T02:34:12.636690Z
- Summary
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix IRQ freeing in i40evsirequestirqmsix error path
If requestirq() in i40evsirequestirqmsix() fails in an iteration later than the first, the error path wants to free the IRQs requested so far. However, it uses the wrong devid argument for free_irq(), so it does not free the IRQs correctly and instead triggers the warning:
Trying to free already-free IRQ 173 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 freeirq+0x192/0x2c0 Modules linked in: i40e(+) [...] CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy) Hardware name: [...] RIP: 0010:freeirq+0x192/0x2c0 [...] Call Trace: <TASK> freeirq+0x32/0x70 i40evsirequestirqmsix.cold+0x63/0x8b [i40e] i40evsirequestirq+0x79/0x80 [i40e] i40evsiopen+0x21f/0x2f0 [i40e] i40eopen+0x63/0x130 [i40e] devopen+0xfc/0x210 _devchangeflags+0x1fc/0x240 netifchangeflags+0x27/0x70 dosetlink.isra.0+0x341/0xc70 rtnlnewlink+0x468/0x860 rtnetlinkrcvmsg+0x375/0x450 netlinkrcvskb+0x5c/0x110 netlinkunicast+0x288/0x3c0 netlinksendmsg+0x20d/0x430 _syssendmsg+0x3a2/0x3d0 _syssendmsg+0x99/0xe0 _syssendmsg+0x8a/0xf0 dosyscall64+0x82/0x2c0 entrySYSCALL64afterhwframe+0x76/0x7e [...] </TASK> ---[ end trace 0000000000000000 ]---
Use the same devid for freeirq() as for request_irq().
I tested this with inserting code to fail intentionally.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39911.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89
- https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98
- https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df
- https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3
- https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c
- https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315
- https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85
- https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39911.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39911
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced493fb30011b3ab5173cef96f1d1ce126da051792Fixed13ab9adef3cd386511c930a9660ae06595007f89Fixed6e4016c0dca53afc71e3b99e24252b63417395dfFixedb9721a023df38cf44a88f2739b4cf51efd051f85Fixedb905b2acb3a0bbb08ad9be9984d8cdabdf827315Fixed23431998a37764c464737b855c71a81d50992e98Fixeda30afd6617c30aaa338d1dbcb1e34e7a1890085cFixedc62580674ce5feb1be4f90b5873ff3ce50e0a1dbFixed915470e1b44e71d1dd07ee067276f003c3521ee3
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.13.0Fixed5.4.300
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.245
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.194
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.153
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.107
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.48
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.16.8