CVE-2025-39769

  • Published: 2025-09-11T17:15:42.390

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix lockdep warning during rmmod

The commit under the Fixes tag added a netdev_assert_locked() in
bnxt_free_ntp_fltrs(). The lock should be held during normal run-time
but the assert will be triggered (see below) during bnxt_remove_one()
which should not need the lock. The netdev is already unregistered by
then. Fix it by calling netdev_assert_locked_or_invisible() which will
not assert if the netdev is unregistered.

WARNING: CPU: 5 PID: 2241 at ./include/net/netdev_lock.h:17 bnxt_free_ntp_fltrs+0xf8/0x100 [bnxt_en]
Modules linked in: rpcrdma rdma_cm iw_cm ib_cm configfs ib_core bnxt_en(-) bridge stp llc x86_pkg_temp_thermal xfs tg3 [last unloaded: bnxt_re]
CPU: 5 UID: 0 PID: 2241 Comm: rmmod Tainted: G S W 6.16.0 #2 PREEMPT(voluntary)
Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN
Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017
RIP: 0010:bnxt_free_ntp_fltrs+0xf8/0x100 [bnxt_en]
Code: 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 8b 47 60 be ff ff ff ff 48 8d b8 28 0c 00 00 e8 d0 cf 41 c3 85 c0 0f 85 2e ff ff ff 0b e9 27 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffa92082387da0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff9e5b593d8000 RCX: 0000000000000001
RDX: 0000000000000001 RSI: ffffffff83dc9a70 RDI: ffffffff83e1a1cf
RBP: ffff9e5b593d8c80 R08: 0000000000000000 R09: ffffffff8373a2b3
R10: 000000008100009f R11: 0000000000000001 R12: 0000000000000001
R13: ffffffffc01c4478 R14: dead000000000122 R15: dead000000000100
FS: 00007f3a8a52c740(0000) GS:ffff9e631ad1c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bb289419c8 CR3: 000000011274e001 CR4: 00000000003706f0
Call Trace:

bnxt_remove_one+0x57/0x180 [bnxt_en]
pci_device_remove+0x39/0xc0
device_release_driver_internal+0xa5/0x130
driver_detach+0x42/0x90
bus_remove_driver+0x61/0xc0
pci_unregister_driver+0x38/0x90
bnxt_exit+0xc/0x7d0 [bnxt_en]

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

How to fix CVE-2025-39769

CVE-2025-39769 is a unknown severity vulnerability affecting the affected product.

Description: In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the assert will be triggered (see below) during bnxt_remove_one() which should not need the lock. The netdev is already […]

Exploit Difficulty: HARD
⏱️ Time to exploit: > 4 hours
🛠️ Required skills: Advanced security expertise
💰 Public exploits: Rare or not public

How to Fix:

1 Identify affected systems

- Check if you're running the affected product

2 Immediate actions

- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access

3 Verification

- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)

4 Long-term prevention

- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations

Exploit Difficulty Assessment

HARD
⏱️ Time to Exploit: > 4 hours
🛠️ Skills Required: Advanced security expertise
💰 Public Exploits: Rare or not public

Vulnerability Timeline

Sep 11, 2025
Vulnerability Published

CVE details first published to NVD database

Nov 12, 2025
Imported to Database

Added to this CVE tracking system

Detection Rules & IOCs

No specific detection rules generated for this vulnerability type.

No vendor/product data available.