CVE-2025-39969

CVE-2025-39969 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use I40E_VF_STATE_RESOURCES_LOADED that is set only in i40e_vc_get_vf_resources_msg() and cleared during reset.

Frequently asked questions

What is CVE-2025-39969?
In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use I40E_VF_STATE_RESOURCES_LOADED that is set only in i40e_vc_get_vf_resources_msg() and cleared during reset.
Is CVE-2025-39969 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (9th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-39969?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2025-39969 have an EU (EUVD) identifier?
Yes. CVE-2025-39969 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-34603.
When was CVE-2025-39969 published?
CVE-2025-39969 was published on 2025-10-15 and last updated on 2026-06-17.

References