CVE-2025-71156

HIGH

Linux kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause failures like below: [ 0.946369] Call Trace: [ 0.946369] <IRQ> [ 0.946369] __napi_poll+0x2a/0x1e0 [ 0.946369] net_rx_action+0x2f9/0x3f0 [ 0.946369] handle_softirqs+0xd6/0x2c0 [ 0.946369] ? handle_edge_irq+0xc1/0x1b0 [ 0.946369] __irq_exit_rcu+0xc3/0xe0 [ 0.946369] common_interrupt+0x81/0xa0 [ 0.946369] </IRQ> [ 0.946369] <TASK> [ 0.946369] asm_common_interrupt+0x22/0x40 [ 0.946369] RIP: 0010:pv_native_safe_halt+0xb/0x10 Use the `IRQF_NO_AUTOEN` flag when requesting interrupts to prevent auto enablement and explicitly enable the interrupt in NAPI initialization path (and disable it during NAPI teardown). This ensures that interrupt lifecycle is strictly coupled with readiness of NAPI context.

References (3)

[Patch] https://git.kernel.org/stable/c/3d970eda003441f66551a91fda16478ac0711617

[Patch] https://git.kernel.org/stable/c/48f9277680925e1a8623d6b2c50aadb7af824ace

[Patch] https://git.kernel.org/stable/c/f5b7f49bd2377916ad57cbd1210c61196daff013

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (6)

linux/Kernel < 6.12.64linux

linux/Kernel < 6.18.4linux

linux/linux_kernel < 6.12.64

linux/linux_kernel

Timeline

Published Jan 23, 2026

Tracked Since Feb 18, 2026