Linux Kernel i40e Component Vulnerability Exposes Configuration Flaws
CVE-2025-39971

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-39971?

A vulnerability in the Linux kernel's i40e component allows for improper index validation during the configuration of virtual functions. This flaw arises when validating indices against the number of active or initialized traffic classes (TCs). The issue occurs within the i40e_vc_config_queues_msg() function, which can lead to unexpected behavior if the indices exceed the valid range, potentially resulting in system instability or exploitation.

Affected Version(s)

Linux c27eac48160de72dee33d42b5a33cc7b8a2eb1f5

Linux c27eac48160de72dee33d42b5a33cc7b8a2eb1f5 < 1fa0aadade34481c567cdf4a897c0d4e4d548bd1

References

https://git.kernel.org/stable/c/a6ff2af78343eceb0f77ab1a2...

https://git.kernel.org/stable/c/f5f91d164af22e7147130ef8b...

https://git.kernel.org/stable/c/1fa0aadade34481c567cdf4a8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON