Linux Kernel PCI Component Vulnerability Affecting Certain Devices
CVE-2025-39784

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-39784?

In the Linux kernel's PCI subsystem, a flaw exists in the link speed calculation performed when link retraining fails. When pcie_failed_link_retrain() tries to revert to the previous link speed, it derives that speed from the Link Control 2 register value without masking out the non-speed bits. As a result, the speed can be incorrectly identified as PCI_SPEED_UNKNOWN, the system logs warnings indicating that the device is broken, and retraining fails. The fix masks out the non-speed bits in PCIE_LNKCTL2_TLS2SPEED() and PCIE_LNKCAP_SLS2SPEED() so that the speed is reported accurately.
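The decoding error described above, shown as an added example that is not the kernel's code: a Link Control 2 value is converted to a speed with and without masking the Target Link Speed field. All demo_/DEMO_ names are hypothetical, the field layout (Target Link Speed in bits 3:0) is taken from the PCIe specification, and the register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Link Control 2 fields (PCIe spec layout); DEMO_ names are hypothetical. */
#define DEMO_LNKCTL2_TLS   0x000fu  /* Target Link Speed, bits 3:0 */
#define DEMO_LNKCTL2_HASD  0x0020u  /* Hardware Autonomous Speed Disable */

enum demo_speed {
    DEMO_SPEED_2_5GT = 1, DEMO_SPEED_5_0GT, DEMO_SPEED_8_0GT,
    DEMO_SPEED_16_0GT, DEMO_SPEED_32_0GT, DEMO_SPEED_64_0GT,
    DEMO_SPEED_UNKNOWN = 0xff
};

/* Maps a Target Link Speed encoding (1..6) to a speed; anything else is unknown. */
static enum demo_speed demo_tls_to_speed(uint16_t tls)
{
    return (tls >= 1 && tls <= 6) ? (enum demo_speed)tls : DEMO_SPEED_UNKNOWN;
}

/* Flawed pattern: compares the whole register, so any non-speed bit breaks it. */
static enum demo_speed demo_decode_unmasked(uint16_t lnkctl2)
{
    return demo_tls_to_speed(lnkctl2);
}

/* Corrected pattern: isolate bits 3:0 before comparing. */
static enum demo_speed demo_decode_masked(uint16_t lnkctl2)
{
    return demo_tls_to_speed(lnkctl2 & DEMO_LNKCTL2_TLS);
}

/* Returns the non-speed bits that would confuse an unmasked decode. */
static uint16_t demo_non_speed_bits(uint16_t lnkctl2)
{
    return lnkctl2 & (uint16_t)~DEMO_LNKCTL2_TLS;
}

int main(void)
{
    /* Constructed values: 8.0 GT/s target, alone and with HASD set. */
    const uint16_t samples[] = { 0x0003, 0x0003 | DEMO_LNKCTL2_HASD };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("lnkctl2=0x%04x extra=0x%04x unmasked=0x%02x masked=0x%02x\n",
               (unsigned)samples[i], (unsigned)demo_non_speed_bits(samples[i]),
               (unsigned)demo_decode_unmasked(samples[i]),
               (unsigned)demo_decode_masked(samples[i]));
    return 0;
}
```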

Affected Version(s)

Linux de9a6c8d5dbfedb5eb3722c822da0490f6a59a45 < 16557320f378262b5c605b15edebd3642406992a

Linux de9a6c8d5dbfedb5eb3722c822da0490f6a59a45 < 9989e0ca7462c62f93dbc62f684448aa2efb9226

Linux 6.13

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
