Description
In the Linux kernel, the following vulnerability has been resolved:

idpf: check error for register_netdev() on init

Current init logic ignores the error code from register_netdev(),
which will cause WARN_ON() on attempt to unregister it, if there was one,
and there is no info for the user that the creation of the netdev failed.

WARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10
...
[ 3707.563641] unregister_netdev+0x1c/0x30
[ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf]
[ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf]
[ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf]
[ 3707.563739] idpf_remove+0xbf/0x780 [idpf]
[ 3707.563769] pci_device_remove+0xab/0x1e0
[ 3707.563786] device_release_driver_internal+0x371/0x530
[ 3707.563803] driver_detach+0xbf/0x180
[ 3707.563816] bus_remove_driver+0x11b/0x2a0
[ 3707.563829] pci_unregister_driver+0x2a/0x250

Introduce an error check and log the vport number and error code.
On removal make sure to check VPORT_REG_NETDEV flag prior to calling
unregister and free on the netdev.

Add local variables for idx, vport_config and netdev for readability.
Published: 2025-04-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Warning / Potential Service Disruption
Action: Patch Kernel
AI Analysis

Impact

This vulnerability occurs when the idpf driver initializes in the Linux kernel. The driver ignores the return value from register_netdev(), meaning that if the network device registration fails, the error is silently dropped. During driver removal, an attempt to unregister a non‑existent device triggers a WARN_ON() warning, and because the failure was masked, users see no indication that the netdev creation had failed. The flaw therefore leads to diagnostic warnings and, in repeated or uncontrolled scenarios, could potentially destabilize the kernel, but it does not provide direct access to data or remote code execution.

Affected Systems

The issue affects all Linux kernels that include the idpf driver, which is used for Intel Data Plane Framework network adapters. Any distribution kernel that incorporates this driver before the fix is susceptible. No specific version range is specified, so all kernel releases predating the patch are considered vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score is reported to be less than 1%, implying a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. While the CVE description does not explicitly state the attack vector, based on the fact that the flaw is triggered during driver initialization or removal, it is inferred that local privileged access would be required to load or unload the idpf module. Consequently, the exposure is limited to the local system and does not enable remote exploitation.

Generated by OpenCVE AI on April 28, 2026 at 11:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix for the idpf register_netdev error handling.
  • If the updated kernel cannot be installed immediately, refrain from loading or removing the idpf module until the patch is applied to prevent WARN_ON conditions.
  • Monitor kernel logs for WARN_ON messages related to device unregister operations and review any high‑severity WARN_ON entries as potential indicators of the issue.

Generated by OpenCVE AI on April 28, 2026 at 11:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-11174 In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will cause WARN_ON() on attempt to unregister it, if there was one, and there is no info for the user that the creation of the netdev failed. WARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10 ... [ 3707.563641] unregister_netdev+0x1c/0x30 [ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf] [ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf] [ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf] [ 3707.563739] idpf_remove+0xbf/0x780 [idpf] [ 3707.563769] pci_device_remove+0xab/0x1e0 [ 3707.563786] device_release_driver_internal+0x371/0x530 [ 3707.563803] driver_detach+0xbf/0x180 [ 3707.563816] bus_remove_driver+0x11b/0x2a0 [ 3707.563829] pci_unregister_driver+0x2a/0x250 Introduce an error check and log the vport number and error code. On removal make sure to check VPORT_REG_NETDEV flag prior to calling unregister and free on the netdev. Add local variables for idx, vport_config and netdev for readability.
Ubuntu USN Ubuntu USN USN-7594-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7594-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7594-3 Linux kernel vulnerabilities
History

Tue, 28 Apr 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252

Thu, 02 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Sat, 19 Apr 2025 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 16 Apr 2025 14:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will cause WARN_ON() on attempt to unregister it, if there was one, and there is no info for the user that the creation of the netdev failed. WARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10 ... [ 3707.563641] unregister_netdev+0x1c/0x30 [ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf] [ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf] [ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf] [ 3707.563739] idpf_remove+0xbf/0x780 [idpf] [ 3707.563769] pci_device_remove+0xab/0x1e0 [ 3707.563786] device_release_driver_internal+0x371/0x530 [ 3707.563803] driver_detach+0xbf/0x180 [ 3707.563816] bus_remove_driver+0x11b/0x2a0 [ 3707.563829] pci_unregister_driver+0x2a/0x250 Introduce an error check and log the vport number and error code. On removal make sure to check VPORT_REG_NETDEV flag prior to calling unregister and free on the netdev. Add local variables for idx, vport_config and netdev for readability.
Title idpf: check error for register_netdev() on init
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-02T11:30:41.493Z

Reserved: 2024-12-29T08:45:45.823Z

Link: CVE-2025-22116

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2025-04-16T15:16:05.800

Modified: 2026-04-02T12:16:17.957

Link: CVE-2025-22116

cve-icon Redhat

Severity : Low

Publid Date: 2025-04-16T00:00:00Z

Links: CVE-2025-22116 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses