Bug 2363316 (CVE-2025-23140) - CVE-2025-23140 kernel: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
Summary: CVE-2025-23140 kernel: misc: pci_endpoint_test: Avoid issue of interrupts rem...
Keywords:
Status: NEW
Alias: CVE-2025-23140
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-01 14:03 UTC by OSIDB Bzimport
Modified: 2025-05-02 04:05 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-05-01 14:03:32 UTC 
In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error

After devm_request_irq() fails with error in pci_endpoint_test_request_irq(),
the pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs
have been released.

However, some requested IRQs remain unreleased, so there are still
/proc/irq/* entries remaining, and this results in WARN() with the
following message:

  remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0'
  WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c

To solve this issue, set the number of remaining IRQs to test->num_irqs,
and release IRQs in advance by calling pci_endpoint_test_release_irq().

[kwilczynski: commit log]
Comment 1 Avinash Hanwate 2025-05-02 04:01:40 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050124-CVE-2025-23140-bd0d@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.