CVE-2025-39911

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc1+

Description An issue exists in the Linux kernel related to incorrect IRQ freeing within the i40e network driver. Specifically, when request irq() fails during the i40e vsi request irq msix() function, the error handling path attempts to free previously requested IRQs using an incorrect device ID (dev id) for the free irq() function. This results in a failure to properly free the IRQs, leading to a warning message: 'Trying to free already-free IRQ'. The issue occurs when requesting Multiple Signal Interrupts (MSI) for a Virtual Switch Interface (VSI). The incorrect dev id argument in the free irq() function prevents the proper release of IRQ resources.

Recommendations Update to a version of the Linux kernel that addresses this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-118

Related Identifiers

AZL-68043

AZL-74754

BDU:2026-02382

CVE-2025-39911

DLA-4328-1

DLA-4404-1

ECHO-CCDA-E994-ADDE

MGASA-2025-0309

MGASA-2025-0310

OPENSUSE-SU-2025:20091-1

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:21080-1

SUSE-SU-2025:21147-1

SUSE-SU-2025:21180-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4301-1

USN-8033-1

USN-8033-2

USN-8033-3

USN-8033-4

USN-8033-5

USN-8033-6

USN-8033-7

USN-8033-8

USN-8034-1

USN-8034-2

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8165-1

USN-8243-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

I40E

CVE-2025-39911

Weakness Enumeration

Related Identifiers

Affected Products

References · 2756