{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39911","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.147Z","datePublished":"2025-10-01T07:44:34.561Z","dateUpdated":"2026-05-11T21:38:47.535Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:38:47.535Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n  <TASK>\n  free_irq+0x32/0x70\n  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n  i40e_vsi_request_irq+0x79/0x80 [i40e]\n  i40e_vsi_open+0x21f/0x2f0 [i40e]\n  i40e_open+0x63/0x130 [i40e]\n  __dev_open+0xfc/0x210\n  __dev_change_flags+0x1fc/0x240\n  netif_change_flags+0x27/0x70\n  do_setlink.isra.0+0x341/0xc70\n  rtnl_newlink+0x468/0x860\n  rtnetlink_rcv_msg+0x375/0x450\n  netlink_rcv_skb+0x5c/0x110\n  netlink_unicast+0x288/0x3c0\n  netlink_sendmsg+0x20d/0x430\n  ____sys_sendmsg+0x3a2/0x3d0\n  ___sys_sendmsg+0x99/0xe0\n  __sys_sendmsg+0x8a/0xf0\n  do_syscall_64+0x82/0x2c0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  [...]\n  </TASK>\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/i40e/i40e_main.c"],"versions":[{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"13ab9adef3cd386511c930a9660ae06595007f89","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"6e4016c0dca53afc71e3b99e24252b63417395df","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"b9721a023df38cf44a88f2739b4cf51efd051f85","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"b905b2acb3a0bbb08ad9be9984d8cdabdf827315","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"23431998a37764c464737b855c71a81d50992e98","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"a30afd6617c30aaa338d1dbcb1e34e7a1890085c","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"c62580674ce5feb1be4f90b5873ff3ce50e0a1db","status":"affected","versionType":"git"},{"version":"493fb30011b3ab5173cef96f1d1ce126da051792","lessThan":"915470e1b44e71d1dd07ee067276f003c3521ee3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/i40e/i40e_main.c"],"versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","status":"unaffected","versionType":"semver"},{"version":"5.4.300","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.245","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.194","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.153","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.107","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.48","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.16.8","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.4.300"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.245"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.15.194"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.1.153"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.6.107"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.12.48"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.16.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89"},{"url":"https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df"},{"url":"https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85"},{"url":"https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315"},{"url":"https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98"},{"url":"https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c"},{"url":"https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db"},{"url":"https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3"}],"title":"i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:44:36.010Z"}}]}}