CVE-2025-39969

The vulnerability resides in the i40e driver for Intel Ethernet adapters. The function responsible for handling VF resource requests (i40e_vc_get_vf_resources_msg()) incorrectly used the I40E_VF_STATE_ACTIVE flag to determine if a VF is allowed to obtain resources. However, this flag is not a reliable indicator of VF readiness, as a VF can be active but not yet fully initialized or in the middle of a reset. This flaw could allow a VF that is not fully operational to request and receive resources, potentially leading to resource exhaustion or denial of service for other VFs or the PF.

An attacker with access to a VF on the same physical adapter could exploit this by sending a resource request while the VF is in a state where it should not be granted resources. The attack does not require any special privileges beyond normal VF privileges but leverages the incorrect state check to bypass the intended resource allocation policy. The prerequisite is that the attacker controls a VF is able to interact with the PF via the virtual channel.

The impact is that a malicious or misconfigured VF could consume resources that should be reserved for properly initialized VFs, leading to denial of service for other VFs or the PF. In worst-case scenarios, this could cause the PF to crash or become unresponsive, affecting all VFs on the adapter.

The fix, applied to the Linux kernel stable branches, replaces the check for I40E_VF_STATE_ACTIVE with I40E_VF_STATE_RESOURCES_LOADED. This flag is set only when the VF has successfully completed resource loading and is cleared during reset, ensuring that only fully ready VFs can obtain resources. Users should update their kernel to include the patch commit [1][2][3] to mitigate this vulnerability.