CVE-2025-71156

Description

In the Linux kernel, the following vulnerability has been resolved:gve: defer interrupt enabling until NAPI registrationCurrently, interrupts are automatically enabled immediately uponrequest. This allows interrupt to fire before the associated NAPIcontext is fully initialized and cause failures like below:[ 0.946369] Call Trace:[ 0.946369] [ 0.946369] __napi_poll+0x2a/0x1e0[ 0.946369] net_rx_action+0x2f9/0x3f0[ 0.946369] handle_softirqs+0xd6/0x2c0[ 0.946369] handle_edge_irq+0xc1/0x1b0[ 0.946369] __irq_exit_rcu+0xc3/0xe0[ 0.946369] common_interrupt+0x81/0xa0[ 0.946369] [ 0.946369] [ 0.946369] asm_common_interrupt+0x22/0x40[ 0.946369] RIP: 0010:pv_native_safe_halt+0xb/0x10Use the IRQF_NO_AUTOEN flag when requesting interrupts to prevent autoenablement and explicitly enable the interrupt in NAPI initializationpath (and disable it during NAPI teardown).This ensures that interrupt lifecycle is strictly coupled withreadiness of NAPI context.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.015

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234