CVE-2025-71156 — Missing Initialization of Resource in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 23
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
gve: defer interrupt enabling until NAPI registration
Currently, interrupts are automatically enabled immediately upon
request. This allows interrupt to fire before the associated NAPI
context is fully initialized and cause failures like below:
[ 0.946369] Call Trace:
[ 0.946369]
[ 0.946369] __napi_poll+0x2a/0x1e0
[ 0.946369] net_rx_action+0x2f9/0x3f0
[ 0.946369] handle_softirqs+0xd6/0x2c0
[ 0.946369] ? handle_edge_irq+0xc1/0…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages7 packages
▶CVEListV5linux/linux1dfc2e46117e5c41037e27e859e75a7518881ee6 — f5b7f49bd2377916ad57cbd1210c61196daff013+3
Patches
🔴Vulnerability Details
2OSV▶
CVE-2025-71156: In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are au↗2026-01-23
GHSA▶
GHSA-xfmh-3cc9-8vq3: In the Linux kernel, the following vulnerability has been resolved:
gve: defer interrupt enabling until NAPI registration
Currently, interrupts are↗2026-01-23
📋Vendor Advisories
5Red Hat
▶
Debian▶
CVE-2025-71156: linux - In the Linux kernel, the following vulnerability has been resolved: gve: defer ...↗2025