PT-2025-42246 · Linux+9 · Linux Kernel+9

Published

2025-09-18

·

Updated

2026-05-07

·

CVE-2025-39971

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel related to index validation within configuration queues messaging in the i40e driver. Specifically, the issue occurs when iterating over vf->ch[idx] in the i40e vc config queues msg() function, failing to ensure that the index (idx) is within the range of active and initialized traffic classes (TCs).
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Weakness Enumeration

CWE-665

Related Identifiers

ALSA-2025:21917
ALSA-2025:21920
ALSA-2025:22395
AZL-68480
BDU:2026-02687
CESA-2025_21917
CESA-2025_21920
CVE-2025-39971
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-0781-6189-C8C0
INFSA-2025_21469
INFSA-2025_21917
INFSA-2025_21920
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2532
OESA-2025-2536
OESA-2025-2537
OESA-2025-2554
OESA-2025-2555
OPENSUSE-SU-2025:20091-1
RHSA-2025_21469
RHSA-2025_21917
RHSA-2025_21920
RHSA-2026:0173
RHSA-2026:0536
RHSA-2026:0643
RHSA-2026:1441
RHSA-2026:1443
RHSA-2026:1445
RHSA-2026:1494
RHSA-2026:1495
RHSA-2026:1581
RHSA-2026:1623
RHSA-2026:1886
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu
I40E