Linux Kernel i40e Driver Vulnerability and Debug Access Removal
CVE-2025-39901

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-39901?

The Linux kernel's i40e driver had several debugfs files that allowed read access, providing largely meaningless information. This debug access posed risks as it could lead to potential memory read vulnerabilities during simultaneous accesses across devices. A lack of proper locking mechanisms further compounded these risks, where arbitrary kernel memory could have been accessed due to flawed handling of input commands. The flaw has been addressed by completely removing read access to these debug interfaces, thus preventing any possibility of exploitation while maintaining the overall integrity of the kernel's operation.

Affected Version(s)

Linux 02e9c290814cc143ceccecb14eac3e7a05da745e < 70d3dad7d5ad077965d7a63eed1942b7ba49bfb4

Linux 02e9c290814cc143ceccecb14eac3e7a05da745e < 7d190963b80f4cd99d7008615600aa7cc993c6ba

Linux 02e9c290814cc143ceccecb14eac3e7a05da745e < 9fcdb1c3c4ba134434694c001dbff343f1ffa319

References

https://git.kernel.org/stable/c/70d3dad7d5ad077965d7a63ee...

https://git.kernel.org/stable/c/7d190963b80f4cd99d7008615...

https://git.kernel.org/stable/c/9fcdb1c3c4ba134434694c001...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Apr 16, 2025

JSON