Linux Kernel Vulnerability in IGC Network Driver LED Setup

CVE-2025-39956

What is CVE-2025-39956?

The vulnerability in the IGC network driver in the Linux kernel arises when the function igc_led_setup() fails. This failure causes igc_probe() to fail as well, leading to a kernel panic due to the absence of a corresponding unregister_netdev() call. It is essential to handle LED setup errors properly; they should be treated as non-fatal, allowing for continued probing and issuing a warning message instead of crashing the kernel. This behavior is crucial for maintaining system stability and preventing disruptions in network connectivity. The vulnerability can be examined through the fault-injection framework, especially utilizing the failslab feature to simulate conditions that would trigger the error.

References