Linux Kernel i40e Driver IRQ Freeing Vulnerability in Error Path

Vulnerability

A vulnerability exists in the Linux kernel's i40e network driver related to improper IRQ management. When the function 'i40e_vsi_request_irq_msix()' fails after the first iteration, it attempts to free previously requested IRQs. However, it uses an incorrect 'dev_id' argument, leading to warnings about freeing an already-released IRQ. This issue was introduced in a prior commit that modified how IRQ vectors are managed.

Impact

The vulnerability causes a kernel warning about attempting to free an already-free IRQ, indicating a potential flaw in IRQ handling that could be exploited to disrupt normal driver operation.

Reproduction

The vulnerability can be reproduced by modifying the 'i40e_vsi_request_irq_msix()' function to intentionally fail after the first iteration. This will trigger the error handling path, which incorrectly frees the IRQs and generates the warning about freeing an already-free IRQ.
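The failure mode described under Vulnerability and Reproduction, as an added user-space C model (not the driver's code and not the upstream patch): an IRQ is released only when the 'dev_id' passed on free matches the one registered, so an unwind that passes a different pointer warns and leaves the earlier vectors registered. The names model_request_irq, model_free_irq, request_vectors and the simplified struct q_vector are hypothetical, and using the address of the array slot as the wrong cookie is an assumption made for the model.

```c
#include <stdio.h>
#include <stddef.h>

#define NR_IRQS 8
/* User-space model: one registered dev_id cookie per IRQ line (NULL = free). */
static const void *irq_cookie[NR_IRQS];
static int warnings; /* modelled "trying to free already-free IRQ" warnings */

static int model_request_irq(int irq, const void *dev_id) {
    if (irq < 0 || irq >= NR_IRQS || irq_cookie[irq]) return -1;
    irq_cookie[irq] = dev_id;
    return 0;
}

/* The registration is located by (irq, dev_id); a mismatch frees nothing. */
static void model_free_irq(int irq, const void *dev_id) {
    if (irq < 0 || irq >= NR_IRQS || irq_cookie[irq] != dev_id) {
        warnings++;
        fprintf(stderr, "WARN: trying to free already-free IRQ %d\n", irq);
        return;
    }
    irq_cookie[irq] = NULL;
}

struct q_vector { int id; }; /* simplified stand-in, hypothetical */

/* Request n vectors, force a failure at index fail_at, then unwind.
 * matched_unwind == 0 models the bug class: the unwind passes a cookie that
 * differs from the registered one (assumed here: the array slot's address).
 * Returns how many IRQs are still registered after the unwind. */
int request_vectors(struct q_vector **qv, int n, int fail_at, int matched_unwind) {
    int v, leaked = 0;
    warnings = 0;
    for (v = 0; v < NR_IRQS; v++) irq_cookie[v] = NULL;
    for (v = 0; v < n; v++)
        if (v == fail_at || model_request_irq(v, qv[v])) goto unwind;
    return 0;
unwind:
    while (v-- > 0) /* walk back over the vectors that were requested */
        model_free_irq(v, matched_unwind ? (const void *)qv[v] : (const void *)&qv[v]);
    for (v = 0; v < NR_IRQS; v++) leaked += irq_cookie[v] != NULL;
    return leaked;
}

int last_warnings(void) { return warnings; }

int main(void) { /* constructed input: two vectors, failure after the first */
    struct q_vector a = {0}, b = {1}; struct q_vector *qv[2] = { &a, &b };
    printf("mismatched unwind leaks %d\n", request_vectors(qv, 2, 1, 0));
    printf("matched unwind leaks %d\n", request_vectors(qv, 2, 1, 1));
    return 0;
}
```

When checking a driver's error paths for this class of bug, compare the 'dev_id' expression in every free call on the unwind path against the one used at request time.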

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Oct 1, 2025, 8:34 AM
Updated: Oct 1, 2025, 8:34 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.