Resource Management Flaw in i40e Driver for Linux Kernel
CVE-2025-39969

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-39969?

A resource management flaw in the i40e driver for the Linux kernel has been identified, affecting how the virtual function (VF) state is validated when requesting resources. The current implementation considers only the I40E_VF_STATE_ACTIVE state, which does not adequately represent all conditions under which a VF is deemed active. As a result, VFs may obtain resources erroneously. The vulnerability has been addressed by ensuring that the I40E_VF_STATE_RESOURCES_LOADED state is checked, which is appropriately set during resource requests and cleared on reset.

Affected Version(s)

Linux 171527da84149c2c7aa6a60a64b09d24f3546298 < 185745d56ec958bf8aa773828213237dfcc32f5a

Linux eb87117c27e729b0aeef4d72ed40d6a1761b0f68

Linux 2132643b956f553f5abddc9bae20dae267b082e0 < 8e35c80f8570426fe0f0cc92b151ebd835975f22

References

https://git.kernel.org/stable/c/185745d56ec958bf8aa773828...

https://git.kernel.org/stable/c/f47876788a23de296c42ef9d5...

https://git.kernel.org/stable/c/8e35c80f8570426fe0f0cc92b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON