CVE-2025-23140

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the pci endpoint test module. The issue occurs when devm request irq() fails with an error in pci endpoint test request irq(), and pci endpoint test free irq vectors() is called, assuming all IRQs have been released. However, some requested IRQs remain unreleased, resulting in remaining /proc/irq/* entries and a WARN() message. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve this issue, set the number of remaining IRQs to test->num irqs, and release IRQs in advance by calling pci endpoint test release irq(). As a temporary workaround, consider disabling the pci endpoint test request irq() function until a patch is available. Restrict access to the vulnerable module pci endpoint test to minimize the risk of exploitation. Avoid using the irq parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.