CVE-2025-23140: Vulnerability in Linux Linux

Medium
Published: Thu May 01 2025 (05/01/2025, 12:55:30 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error

After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), the pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs have been released.

However, some requested IRQs remain unreleased, so there are still /proc/irq/* entries remaining, and this results in WARN() with the following message:

    remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0'
    WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c

To solve this issue, set the number of remaining IRQs to test->num_irqs, and release IRQs in advance by calling pci_endpoint_test_release_irq().

[kwilczynski: commit log]

AI-Powered Analysis

Last updated: 07/03/2025, 22:09:29 UTC

Technical Analysis

CVE-2025-23140 is a vulnerability in the Linux kernel's pci_endpoint_test driver. It occurs when devm_request_irq() fails while pci_endpoint_test_request_irq() is requesting interrupts (IRQs). On that failure, pci_endpoint_test_free_irq_vectors() is called on the assumption that all IRQs have already been released. The assumption is wrong: the IRQs requested before the failing one are still held. Their entries remain under /proc/irq/, and the kernel emits a warning that a non-empty directory is being removed, which is the symptom of IRQs not having been freed.

The root cause is that the error path neither updates the count of IRQs that remain requested nor releases them before the vectors are freed. The fix sets the number of remaining IRQs in test->num_irqs and releases them explicitly by calling pci_endpoint_test_release_irq() before the IRQ vectors are freed.

This is a resource management flaw that could lead to kernel warnings and potential instability due to IRQ leakage. While it does not directly indicate a remote code execution or privilege escalation vector, the improper handling of IRQs could be exploited in complex attack scenarios to cause denial of service or kernel instability. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
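The partial-failure unwind described above, as an added user-space model (not the kernel driver's code and not part of the original advisory). The `model_*` names, `MAX_IRQS` and the `fail_at` parameter are hypothetical stand-ins; the function returns how many handlers are still installed at the point where the vectors would be freed.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_IRQS 8

/* Constructed user-space model, not kernel code: registered[i] stands for a
 * handler installed on vector i, i.e. a live entry under /proc/irq/. */
struct model_test {
	int  num_irqs;              /* plays the role of test->num_irqs */
	bool registered[MAX_IRQS];
};

/* Stand-in for devm_request_irq(); fails on vector fail_at (-1: never). */
static int model_request_one(struct model_test *t, int i, int fail_at)
{
	if (i == fail_at)
		return -1;
	t->registered[i] = true;
	return 0;
}

/* Stand-in for pci_endpoint_test_release_irq(): frees vectors 0..num_irqs-1. */
static void model_release_irq(struct model_test *t)
{
	for (int i = 0; i < t->num_irqs; i++)
		t->registered[i] = false;
}

/* Request n vectors (n <= MAX_IRQS), then tear down. Returns how many handlers
 * are still installed when the vectors would be freed, i.e. the leak. */
int model_error_path(int n, int fail_at, bool patched)
{
	struct model_test t = { .num_irqs = n };
	int i, leaked = 0;

	for (i = 0; i < n && !model_request_one(&t, i, fail_at); i++)
		;
	if (i == n || patched) {    /* normal teardown, or the fixed error path */
		t.num_irqs = i;         /* only i handlers were actually installed */
		model_release_irq(&t);
	}
	for (i = 0; i < MAX_IRQS; i++)
		leaked += t.registered[i];
	return leaked;
}

int main(void)
{
	printf("unpatched: %d leaked\n", model_error_path(4, 2, false));
	printf("patched:   %d leaked\n", model_error_path(4, 2, true));
	return 0;
}
```

A failure on the very first vector leaks nothing in either variant, which is why the warning only appears when at least one request succeeded before the failing one.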

Potential Impact

For European organizations, this vulnerability primarily poses a risk to systems running affected Linux kernel versions that include the pci_endpoint_test driver, which is typically used for PCI endpoint device testing and development. The impact is mostly related to system stability and reliability rather than direct compromise. In environments where Linux servers or embedded devices are used extensively, especially in industrial control systems, telecommunications, or data centers, this IRQ leakage could lead to kernel warnings, increased system logs, and potentially degraded performance or crashes if IRQ resources are exhausted. This could disrupt critical services and operations, particularly in sectors like finance, healthcare, and manufacturing that rely heavily on Linux-based infrastructure. Although exploitation requires local access and specific conditions, the vulnerability could be leveraged by attackers or malicious insiders to cause denial of service or to facilitate further kernel-level attacks. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system integrity and availability.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to the patched versions that include the fix for CVE-2025-23140. Since the vulnerability is in the pci_endpoint_test driver, organizations that do not use PCI endpoint testing features can consider disabling or blacklisting this module to reduce attack surface. System administrators should monitor kernel logs for warnings related to IRQ leakage and investigate any anomalies promptly. For embedded or specialized Linux systems, coordinate with vendors to ensure firmware and kernel updates are applied. Additionally, implement strict access controls to limit local user privileges, reducing the risk of exploitation by unauthorized users. Regular kernel integrity checks and system audits can help detect attempts to exploit IRQ handling flaws. Finally, maintain robust incident response procedures to quickly address any stability issues arising from this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-01-11T14:28:41.512Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe8224

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 7/3/2025, 10:09:29 PM

Last updated: 8/17/2025, 10:21:29 AM
