CVE-2025-39911

01.10.2025, 08:15

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration
later than the first, the error path wants to free the IRQs requested
so far. However, it uses the wrong dev_id argument for free_irq(), so
it does not free the IRQs correctly and instead triggers the warning:

 Trying to free already-free IRQ 173
 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0
 Modules linked in: i40e(+) [...]
 CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
 Hardware name: [...]
 RIP: 0010:__free_irq+0x192/0x2c0
 [...]
 Call Trace:
  <TASK>
  free_irq+0x32/0x70
  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]
  i40e_vsi_request_irq+0x79/0x80 [i40e]
  i40e_vsi_open+0x21f/0x2f0 [i40e]
  i40e_open+0x63/0x130 [i40e]
  __dev_open+0xfc/0x210
  __dev_change_flags+0x1fc/0x240
  netif_change_flags+0x27/0x70
  do_setlink.isra.0+0x341/0xc70
  rtnl_newlink+0x468/0x860
  rtnetlink_rcv_msg+0x375/0x450
  netlink_rcv_skb+0x5c/0x110
  netlink_unicast+0x288/0x3c0
  netlink_sendmsg+0x20d/0x430
  ____sys_sendmsg+0x3a2/0x3d0
  ___sys_sendmsg+0x99/0xe0
  __sys_sendmsg+0x8a/0xf0
  do_syscall_64+0x82/0x2c0
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  [...]
  </TASK>
 ---[ end trace 0000000000000000 ]---

Use the same dev_id for free_irq() as for request_irq().

I tested this with inserting code to fail intentionally.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Linux	CNA	---	---
CVE	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.12-2 fixed
sid	6.17.8-1 fixed

linux-6.1

bullseye (security)

6.1.153-1~deb11u1

fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-hwe

plucky	dne
noble	dne
jammy	dne
bionic	ignored
xenial	needs-triage

linux-hwe-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-hwe-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-hwe-5.19

plucky	dne
noble	dne
jammy	ignored

linux-hwe-6.2

plucky	dne
noble	dne
jammy	ignored

linux-hwe-6.5

plucky	dne
noble	dne
jammy	ignored

linux-hwe-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-hwe-6.11

plucky	dne
noble	ignored
jammy	dne

linux-hwe-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-hwe-edge

plucky	dne
noble	dne
jammy	dne
bionic	ignored
xenial	ignored

linux-lts-xenial

plucky	dne
noble	dne
jammy	dne
trusty	needs-triage

linux-kvm

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-allwinner-5.19

plucky	dne
noble	dne
jammy	ignored

linux-aws

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-aws-5.0

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-aws-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-aws-5.19

plucky	dne
noble	dne
jammy	ignored

linux-aws-6.2

plucky	dne
noble	dne
jammy	ignored

linux-aws-6.5

plucky	dne
noble	dne
jammy	ignored

linux-aws-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-aws-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-aws-hwe

plucky	dne
noble	dne
jammy	dne
xenial	needs-triage

linux-azure

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage
trusty	needs-triage

linux-azure-4.15

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-azure-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-5.19

plucky	dne
noble	dne
jammy	ignored

linux-azure-6.2

plucky	dne
noble	dne
jammy	ignored

linux-azure-6.5

plucky	dne
noble	dne
jammy	ignored

linux-azure-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-azure-6.11

plucky	dne
noble	ignored
jammy	dne

linux-azure-fde

plucky	needs-triage
noble	dne
jammy	needs-triage
focal	ignored

linux-azure-fde-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-fde-5.19

plucky	dne
noble	dne
jammy	ignored

linux-azure-fde-6.2

plucky	dne
noble	dne
jammy	ignored

linux-azure-nvidia

plucky	dne
noble	needs-triage
jammy	dne

linux-bluefield

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-edge

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-aws-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-azure-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-gcp-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-gcp

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage

linux-gcp-4.15

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gcp-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-gcp-5.19

plucky	dne
noble	dne
jammy	ignored

linux-gcp-6.2

plucky	dne
noble	dne
jammy	ignored

linux-gcp-6.5

plucky	dne
noble	dne
jammy	ignored

linux-gcp-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-gcp-6.11

plucky	dne
noble	ignored
jammy	dne

linux-gcp-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-gke

plucky	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gke-4.15

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gke-5.4

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gke-5.15

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gkeop

plucky	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gkeop-5.4

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gkeop-5.15

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-ibm

plucky	dne
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-ibm-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-ibm-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-ibm-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-intel-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-intel-iotg

plucky	dne
noble	dne
jammy	needs-triage

linux-intel-iotg-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-iot

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-intel-iot-realtime

plucky	dne
noble	dne
jammy	needs-triage

linux-lowlatency

plucky	dne
noble	needs-triage
jammy	needs-triage

linux-lowlatency-hwe-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-lowlatency-hwe-5.19

plucky	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.2

plucky	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.5

plucky	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-lowlatency-hwe-6.11

plucky	dne
noble	ignored
jammy	dne

linux-nvidia

plucky	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-6.2

plucky	dne
noble	dne
jammy	ignored

linux-nvidia-6.5

plucky	dne
noble	dne
jammy	ignored

linux-nvidia-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-nvidia-6.11

plucky	dne
noble	needs-triage
jammy	dne

linux-nvidia-lowlatency

plucky	dne
noble	needs-triage
jammy	dne

linux-nvidia-tegra

plucky	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-tegra-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-nvidia-tegra-igx

plucky	dne
noble	dne
jammy	needs-triage

linux-oracle

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-oracle-5.0

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-oracle-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-oracle-6.5

plucky	dne
noble	dne
jammy	ignored

linux-oracle-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-oracle-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-oem

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-oem-5.6

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.10

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.14

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.17

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.0

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.1

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.5

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.8

plucky	dne
noble	needs-triage
jammy	dne

linux-oem-6.11

plucky	dne
noble	needs-triage
jammy	dne

linux-oem-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-raspi

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-raspi2

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-raspi-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-raspi-realtime

plucky	dne
noble	needs-triage
jammy	dne

linux-realtime

plucky	needs-triage
noble	needs-triage
jammy	needs-triage

linux-realtime-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-realtime-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-riscv

plucky	needs-triage
noble	ignored
jammy	ignored
focal	ignored

linux-riscv-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-riscv-5.19

plucky	dne
noble	dne
jammy	ignored

linux-riscv-6.5

plucky	dne
noble	dne
jammy	ignored

linux-riscv-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-riscv-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-starfive-5.19

plucky	dne
noble	dne
jammy	ignored

linux-starfive-6.2

plucky	dne
noble	dne
jammy	ignored

linux-starfive-6.5

plucky	dne
noble	dne
jammy	ignored

linux-xilinx-zynqmp

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und andere nicht näher spezifizierte Angriffe durchzuführen, möglicherweise um beliebigen Code auszuführen oder eine Speicherbeschädigung zu verursachen.
Published: 2025-09-30T22:00:00+00:00

References

https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89

https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98

https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df

https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3

https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c

https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315

https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85

https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html