High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2025-39911
HighVulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration
later than the first, the error path wants to free the IRQs requested
so far. However, it uses the wrong dev_id argument for free_irq(), so
it does not free the IRQs correctly and instead triggers the warning:
Trying to free already-free IRQ 173
WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0
Modules linked in: i40e(+) [...]
CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
Hardware name: [...]
RIP: 0010:__free_irq+0x192/0x2c0
[...]
Call Trace:
<TASK>
free_irq+0x32/0x70
i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]
i40e_vsi_request_irq+0x79/0x80 [i40e]
i40e_vsi_open+0x21f/0x2f0 [i40e]
i40e_open+0x63/0x130 [i40e]
__dev_open+0xfc/0x210
__dev_change_flags+0x1fc/0x240
netif_change_flags+0x27/0x70
do_setlink.isra.0+0x341/0xc70
rtnl_newlink+0x468/0x860
rtnetlink_rcv_msg+0x375/0x450
netlink_rcv_skb+0x5c/0x110
netlink_unicast+0x288/0x3c0
netlink_sendmsg+0x20d/0x430
____sys_sendmsg+0x3a2/0x3d0
___sys_sendmsg+0x99/0xe0
__sys_sendmsg+0x8a/0xf0
do_syscall_64+0x82/0x2c0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
[...]
</TASK>
---[ end trace 0000000000000000 ]---
Use the same dev_id for free_irq() as for request_irq().
I tested this with inserting code to fail intentionally.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Known Affected Software
2 configuration(s) from 2 vendor(s)
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
USN-8261-1
USN-8261-1: Linux kernel (Xilinx) vulnerabilities
USN-8163-2
USN-8163-2: Linux kernel (Azure) vulnerabilities
USN-8165-1
USN-8165-1: Linux kernel (Azure FIPS) vulnerabilities
USN-8163-1
USN-8163-1: Linux kernel (Azure FIPS) vulnerabilities
USN-8095-5
USN-8095-5: Linux kernel (Raspberry Pi) vulnerabilities
USN-8141-1
USN-8141-1: Linux kernel (Raspberry Pi) vulnerabilities
USN-8126-1
USN-8126-1: Linux kernel (Azure) vulnerabilities
USN-8125-1
USN-8125-1: Linux kernel (Azure) vulnerabilities
USN-8095-4
USN-8095-4: Linux kernel (AWS) vulnerabilities
USN-8095-3
USN-8095-3: Linux kernel (Real-time) vulnerabilities
References & Resources
-
https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
Key Information
- Published Date
- October 01, 2025
