Linux Kernel Vulnerability in Hisilicon QM Affecting Virtual Functions
CVE-2025-40136

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40136?

A vulnerability has been identified in the Linux kernel concerning the Hisilicon QM driver, where a reserved interrupt intended for virtual functions was not properly registered. This oversight results in the driver allocating interrupt vectors inappropriately, particularly under configurations utilizing GICv4 and virtual function passthrough. When the system attempts to release the interrupt, it triggers a warning, which may lead to operational inconsistencies. To mitigate this issue, the reserved interrupt should be registered for virtual functions, and the IRQF_NO_AUTOEN flag should be applied to prevent this warning from occurring.

Affected Version(s)

Linux 3536cc55cadaf2a03241915f9cfdaf6cd073e4fe < 854da2b0df1654d63963d587b12fec6068d89643

Linux 3536cc55cadaf2a03241915f9cfdaf6cd073e4fe < 9228facb308157ac0bdd264b873187896f7a9c7a

Linux 6.1

References

https://git.kernel.org/stable/c/854da2b0df1654d63963d587b...

https://git.kernel.org/stable/c/9228facb308157ac0bdd264b8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON