Use-After-Free Vulnerability in Linux Kernel ixgbe Product by Intel
CVE-2025-40091

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40091?

A use-after-free vulnerability was identified in the Intel ixgbe network driver within the Linux kernel. This issue arises when the devlink_free() function is prematurely called during the removal process of the ixgbe_adapter, potentially leading to severe stability and security concerns. The vulnerability allows for memory corruption, which could be exploited, resulting in unauthorized access or crashes. As a result, it is critical for users to update to secure versions of the Linux kernel that address this issue.

Affected Version(s)

Linux a0285236ab93fdfdd1008afaa04561d142d6c276

Linux a0285236ab93fdfdd1008afaa04561d142d6c276 < 5feef67b646d8f5064bac288e22204ffba2b9a4a

Linux 6.16

References

https://git.kernel.org/stable/c/df445969aa727cd64f3f29dc1...

https://git.kernel.org/stable/c/5feef67b646d8f5064bac288e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Apr 16, 2025

JSON