Vulnerability in Linux Kernel Affects i40e Driver Functionality
CVE-2025-39972

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-39972?

In the Linux kernel, an input validation vulnerability has been identified within the i40e driver, specifically in the i40e_validate_queue_map function. This issue occurs when the index used for iterating over virtual functions’ channels is not properly validated against the range of active or initialized traffic classes. This oversight could potentially lead to improper access and handling of data, creating a risk for exploitation in configured environments. Addressing this vulnerability is crucial to maintaining system integrity and security.

Affected Version(s)

Linux c27eac48160de72dee33d42b5a33cc7b8a2eb1f5

Linux c27eac48160de72dee33d42b5a33cc7b8a2eb1f5 < 6f15a7b34fae75e745bdc2ec05e06ddfd0dd2f3c

Linux c27eac48160de72dee33d42b5a33cc7b8a2eb1f5 < 34dfac0c904829967d500c51f216916ce1452957

References

https://git.kernel.org/stable/c/b6cb93a7ff208f324c7ec581d...

https://git.kernel.org/stable/c/6f15a7b34fae75e745bdc2ec0...

https://git.kernel.org/stable/c/34dfac0c904829967d500c51f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON