CVE-2025-39911 — Missing Release of Resource after Effective Lifetime in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 1
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration
later than the first, the error path wants to free the IRQs requested
so far. However, it uses the wrong dev_id argument for free_irq(), so
it does not free the IRQs correctly and instead triggers the warning:
Trying to free already-free IRQ 173
WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linux493fb30011b3ab5173cef96f1d1ce126da051792 — 13ab9adef3cd386511c930a9660ae06595007f89+8
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-39911: In the Linux kernel, the following vulnerability has been resolved: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path If request_irq() in↗2025-10-01
GHSA▶
GHSA-53x5-9xgx-8wwp: In the Linux kernel, the following vulnerability has been resolved:
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
If request_irq() i↗2025-10-01