2404097 – (CVE-2025-39969) CVE-2025-39969 kernel: i40e: fix validation of VF state in get resources

Bug 2404097 (CVE-2025-39969) - CVE-2025-39969 kernel: i40e: fix validation of VF state in get resources

Summary: CVE-2025-39969 kernel: i40e: fix validation of VF state in get resources

Keywords:
Status:	NEW
Alias:	CVE-2025-39969
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-15 08:01 UTC by OSIDB Bzimport
Modified:	2025-10-16 12:21 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-15 08:01:44 UTC

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix validation of VF state in get resources

VF state I40E_VF_STATE_ACTIVE is not the only state in which
VF is actually active so it should not be used to determine
if a VF is allowed to obtain resources.

Use I40E_VF_STATE_RESOURCES_LOADED that is set only in
i40e_vc_get_vf_resources_msg() and cleared during reset.

Comment 1 Alexander B 2025-10-16 12:18:03 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39969-fbee@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.