{"id":"CVE-2025-39911","summary":"i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  free_irq+0x32/0x70\n  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n  i40e_vsi_request_irq+0x79/0x80 [i40e]\n  i40e_vsi_open+0x21f/0x2f0 [i40e]\n  i40e_open+0x63/0x130 [i40e]\n  __dev_open+0xfc/0x210\n  __dev_change_flags+0x1fc/0x240\n  netif_change_flags+0x27/0x70\n  do_setlink.isra.0+0x341/0xc70\n  rtnl_newlink+0x468/0x860\n  rtnetlink_rcv_msg+0x375/0x450\n  netlink_rcv_skb+0x5c/0x110\n  netlink_unicast+0x288/0x3c0\n  netlink_sendmsg+0x20d/0x430\n  ____sys_sendmsg+0x3a2/0x3d0\n  ___sys_sendmsg+0x99/0xe0\n  __sys_sendmsg+0x8a/0xf0\n  do_syscall_64+0x82/0x2c0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  [...]\n  \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.","modified":"2026-05-07T04:15:58.298052Z","published":"2025-10-01T07:44:34.561Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:21080-1","SUSE-SU-2025:21147-1","SUSE-SU-2025:21180-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4301-1","openSUSE-SU-2025:20091-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39911.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89"},{"type":"WEB","url":"https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df"},{"type":"WEB","url":"https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39911.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39911"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"493fb30011b3ab5173cef96f1d1ce126da051792"},{"fixed":"13ab9adef3cd386511c930a9660ae06595007f89"},{"fixed":"6e4016c0dca53afc71e3b99e24252b63417395df"},{"fixed":"b9721a023df38cf44a88f2739b4cf51efd051f85"},{"fixed":"b905b2acb3a0bbb08ad9be9984d8cdabdf827315"},{"fixed":"23431998a37764c464737b855c71a81d50992e98"},{"fixed":"a30afd6617c30aaa338d1dbcb1e34e7a1890085c"},{"fixed":"c62580674ce5feb1be4f90b5873ff3ce50e0a1db"},{"fixed":"915470e1b44e71d1dd07ee067276f003c3521ee3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39911.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.13.0"},{"fixed":"5.4.300"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.245"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.194"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.153"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.107"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.48"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.16.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39911.json"}}],"schema_version":"1.7.5"}