CVE-2025-23140 – This CVE describes a resource leak vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2025-23140?

CVE-2025-23140 has a CVSS score of 5.5 (MEDIUM). This CVE describes a resource leak vulnerability in the Linux kernel's PCI endpoint test driver. When request_irq() fails during IRQ allocation, the cleanup code doesn't properly release all requested IRQs, leaving orphaned /proc/irq entries that cause kernel warnings. This affects systems using the pci_endpoint_test driver, primarily in development/testing environments.

📋 TL;DR

This CVE describes a resource leak vulnerability in the Linux kernel's PCI endpoint test driver. When request_irq() fails during IRQ allocation, the cleanup code doesn't properly release all requested IRQs, leaving orphaned /proc/irq entries that cause kernel warnings. This affects systems using the pci_endpoint_test driver, primarily in development/testing environments.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected kernel versions not specified in CVE, but patches exist in stable branches

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only affects systems with pci_endpoint_test driver loaded/used. This is typically a test driver not used in production by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system instability due to resource exhaustion from repeated IRQ leaks, potentially leading to denial of service.

🟠

Likely Case

Kernel warning messages in system logs and potential minor performance degradation from resource leaks.

🟢

If Mitigated

Only kernel warning messages visible in logs with no functional impact.

🌐 Internet-Facing: LOW - This is a local driver issue requiring access to the PCI endpoint test functionality.

🏢 Internal Only: MEDIUM - Systems using the pci_endpoint_test driver in development/testing could experience instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to trigger the pci_endpoint_test driver's IRQ allocation failure path, which typically requires privileged access or specific hardware conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in Linux kernel stable branches (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/0557e70e2aeba8647bf5a950820b67cfb86533db

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commits. 2. Check with your distribution for backported patches. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable pci_endpoint_test driver

linux

Prevent loading of the vulnerable driver module

echo 'blacklist pci_endpoint_test' >> /etc/modprobe.d/blacklist.conf
rmmod pci_endpoint_test

🧯 If You Can't Patch

Ensure pci_endpoint_test driver is not loaded in production systems
Monitor kernel logs for WARN messages about remove_proc_entry and IRQ directory leaks

🔍 How to Verify

Check if Vulnerable:

Check if pci_endpoint_test module is loaded: lsmod | grep pci_endpoint_test

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commits or monitor logs for absence of WARN messages about IRQ directory leaks

📡 Detection & Monitoring

Log Indicators:

Kernel WARN messages: 'remove_proc_entry: removing non-empty directory 'irq/[number]'', 'WARNING: CPU: [number] PID: [number] at fs/proc/generic.c:719'

Network Indicators:

None - this is a local kernel issue

SIEM Query:

source="kernel" AND ("remove_proc_entry" OR "irq/[0-9]+" OR "fs/proc/generic.c:719")

📊 Metadata

CVE ID: CVE-2025-23140

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.03% exploit probability (6.2th percentile)

Published: May 1, 2025

Last Updated: November 5, 2025

🔗 References

https://git.kernel.org/stable/c/0557e70e2aeba8647bf5a950820b67cfb86533db Patch
https://git.kernel.org/stable/c/54c9f299ad7d7c4be5d271ed12d01a59e95b8907 Patch
https://git.kernel.org/stable/c/5a4b7181213268c9b07bef8800905528435db44a Patch
https://git.kernel.org/stable/c/705be96504779e4a333ea042b4779ea941f0ace9 Patch
https://git.kernel.org/stable/c/770407f6173f4f39f4e2c1b54422b79ce6c98bdb Patch
https://git.kernel.org/stable/c/9d5118b107b1a2353ed0dff24404aee2e6b7ca0a Patch
https://git.kernel.org/stable/c/e516e187bf32d8decc7c7d0025ae4857cad13c0e Patch
https://git.kernel.org/stable/c/f6cb7828c8e17520d4f5afb416515d3fae1af9a9 Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Mailing List,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON