What is CVE-2025-40091?

CVE-2025-40091 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.16 onward and patched in 6.17.5 and 6.18. CVE-2025-40091 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40091?

CVE-2025-40091 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40091?

Yes, CVE-2025-40091 has been patched. Fixed versions include 6.17.5 and 6.18. If you are running Linux kernel 6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40091 actively exploited?

CVE-2025-40091 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40091

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free() to the end. KASAN report: BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe] Read of size 8 at addr ffff0000adf813e0 by task bash/2095 CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full) [...] Call trace: show_stack+0x30/0x90 (C) dump_stack_lvl+0x9c/0xd0 print_address_description.constprop.0+0x90/0x310 print_report+0x104/0x1f0 kasan_report+0x88/0x180 __asan_report_load8_noabort+0x20/0x30 ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe] ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe] ixgbe_remove+0x2d0/0x8c0 [ixgbe] pci_device_remove+0xa0/0x220 device_remove+0xb8/0x170 device_release_driver_internal+0x318/0x490 device_driver_detach+0x40/0x68 unbind_store+0xec/0x118 drv_attr_store+0x64/0xb8 sysfs_kf_write+0xcc/0x138 kernfs_fop_write_iter+0x294/0x440 new_sync_write+0x1fc/0x588 vfs_write+0x480/0x6a0 ksys_write+0xf0/0x1e0 __arm64_sys_write+0x70/0xc0 invoke_syscall.constprop.0+0xcc/0x280 el0_svc_common.constprop.0+0xa8/0x248 do_el0_svc+0x44/0x68 el0_svc+0x54/0x160 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1b0/0x1b8

Package Linux Kernel

Published 2025-10-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.16 and later are affected. Fixed in 6.17.5, 6.18 and their respective stable series.

Affected from

≥ 6.16

Fixed in

✓ 6.17.5 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40091 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5feef67b646d8f5064bac288e22204ffba2b9a4a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/df445969aa727cd64f3f29dc1f85fb60aca238d1
Patch

Frequently asked questions

What is CVE-2025-40091?

CVE-2025-40091 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.16 onward and has been patched in 6.17.5 and 6.18. CVE-2025-40091 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40091?

Yes — CVE-2025-40091 has been patched. Fixed versions include 6.17.5 and 6.18. If you are running Linux kernel 6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40091 actively exploited?

No — CVE-2025-40091 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.