CVE-2025-39969

CVSS v2.0

5.2

Medium

Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the i40e network driver. The issue involves incorrect validation of Virtual Function (VF) state when obtaining resources. Specifically, the I40E VF STATE ACTIVE state was being used to determine if a VF was permitted to acquire resources, which is inaccurate as this state doesn't exclusively indicate an active VF. The correction involves utilizing I40E VF STATE RESOURCES LOADED, which is set only during resource allocation and cleared upon reset, to accurately assess VF resource access permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-371

Related Identifiers

AZL-68489

BDU:2026-02762

CVE-2025-39969

DLA-4379-1

DLA-4404-1

DSA-6053-1

ECHO-1EF7-5AE9-5E32

MGASA-2025-0309

MGASA-2025-0310

OESA-2025-2633

OESA-2025-2634

OESA-2025-2635

OESA-2026-1075

OESA-2026-1076

OPENSUSE-SU-2025:20091-1

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:21080-1

SUSE-SU-2025:21147-1

SUSE-SU-2025:21180-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

USN-8033-1

USN-8033-2

USN-8033-3

USN-8033-4

USN-8033-5

USN-8033-6

USN-8033-7

USN-8033-8

USN-8034-1

USN-8034-2

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8165-1

USN-8243-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

I40E

CVE-2025-39969

Weakness Enumeration

Related Identifiers

Affected Products

References · 2648