Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0329
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Micro Extras 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23167"
},
{
"name": "CVE-2025-68374",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68374"
},
{
"name": "CVE-2026-23129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23129"
},
{
"name": "CVE-2025-68778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68778"
},
{
"name": "CVE-2025-68736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68736"
},
{
"name": "CVE-2025-68283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68283"
},
{
"name": "CVE-2026-23004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23004"
},
{
"name": "CVE-2025-71071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71071"
},
{
"name": "CVE-2025-71191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71191"
},
{
"name": "CVE-2025-68295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68295"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2026-23139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23139"
},
{
"name": "CVE-2026-23208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23208"
},
{
"name": "CVE-2026-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23017"
},
{
"name": "CVE-2025-71189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71189"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2026-23090",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23090"
},
{
"name": "CVE-2026-23035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23035"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2026-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23064"
},
{
"name": "CVE-2026-23061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23061"
},
{
"name": "CVE-2026-23135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23135"
},
{
"name": "CVE-2026-23119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23119"
},
{
"name": "CVE-2026-23173",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23173"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2026-23094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23094"
},
{
"name": "CVE-2026-23049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23049"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2026-23101",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23101"
},
{
"name": "CVE-2026-23099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23099"
},
{
"name": "CVE-2026-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23085"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2026-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23150"
},
{
"name": "CVE-2026-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23163"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2026-23057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23057"
},
{
"name": "CVE-2026-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23166"
},
{
"name": "CVE-2026-23116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23116"
},
{
"name": "CVE-2026-23207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23207"
},
{
"name": "CVE-2025-71200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71200"
},
{
"name": "CVE-2026-23172",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23172"
},
{
"name": "CVE-2026-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23133"
},
{
"name": "CVE-2026-23170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23170"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2025-71188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71188"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2025-37861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37861"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2025-71196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71196"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23078"
},
{
"name": "CVE-2025-68785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68785"
},
{
"name": "CVE-2025-38224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38224"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-71126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71126"
},
{
"name": "CVE-2025-71199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71199"
},
{
"name": "CVE-2025-71195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71195"
},
{
"name": "CVE-2026-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23083"
},
{
"name": "CVE-2026-23108",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23108"
},
{
"name": "CVE-2025-71194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71194"
},
{
"name": "CVE-2026-23068",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23068"
},
{
"name": "CVE-2026-23089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23089"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-23071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23071"
},
{
"name": "CVE-2026-23056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23056"
},
{
"name": "CVE-2026-23063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23063"
},
{
"name": "CVE-2026-23073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23073"
},
{
"name": "CVE-2026-23058",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23058"
},
{
"name": "CVE-2025-71182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71182"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2026-23026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23026"
},
{
"name": "CVE-2025-71190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71190"
},
{
"name": "CVE-2026-23107",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23107"
},
{
"name": "CVE-2025-71104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71104"
},
{
"name": "CVE-2026-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23146"
},
{
"name": "CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"name": "CVE-2026-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23037"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23221"
},
{
"name": "CVE-2026-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23151"
},
{
"name": "CVE-2026-23152",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23152"
},
{
"name": "CVE-2026-22982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22982"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2025-71229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71229"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2026-23091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23091"
},
{
"name": "CVE-2023-53817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53817"
},
{
"name": "CVE-2025-71192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71192"
},
{
"name": "CVE-2026-23121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23121"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2025-71066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2025-71234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71234"
},
{
"name": "CVE-2025-71185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71185"
},
{
"name": "CVE-2026-23096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23096"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2026-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23105"
},
{
"name": "CVE-2026-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23086"
},
{
"name": "CVE-2025-71148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71148"
},
{
"name": "CVE-2026-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23156"
},
{
"name": "CVE-2026-23095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23095"
},
{
"name": "CVE-2025-39748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
},
{
"name": "CVE-2023-53827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53827"
},
{
"name": "CVE-2026-23033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23033"
},
{
"name": "CVE-2026-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23145"
},
{
"name": "CVE-2026-23104",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23104"
},
{
"name": "CVE-2026-23003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23003"
},
{
"name": "CVE-2026-23076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23076"
},
{
"name": "CVE-2026-23171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23171"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23084"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2026-22979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22979"
},
{
"name": "CVE-2026-23110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23110"
},
{
"name": "CVE-2026-23060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23060"
},
{
"name": "CVE-2025-71197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71197"
},
{
"name": "CVE-2025-71113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71113"
},
{
"name": "CVE-2026-23102",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23102"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2026-23082",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23082"
},
{
"name": "CVE-2026-23155",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23155"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2026-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
},
{
"name": "CVE-2025-71231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71231"
},
{
"name": "CVE-2023-53794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53794"
},
{
"name": "CVE-2025-68810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68810"
},
{
"name": "CVE-2025-71198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71198"
},
{
"name": "CVE-2026-23021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23021"
},
{
"name": "CVE-2025-68285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
},
{
"name": "CVE-2026-23053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23053"
},
{
"name": "CVE-2025-71184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71184"
},
{
"name": "CVE-2026-23080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23080"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0329",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20674-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620674-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20672-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620672-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20680-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620680-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20699-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620699-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20678-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620678-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20679-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620679-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20702-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620702-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20704-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620704-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20681-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620681-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20700-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620700-1"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:0928-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260928-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20719-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620719-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20711-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620711-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20720-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620720-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20701-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620701-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20713-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620713-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20703-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620703-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20705-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620705-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20667-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620667-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20673-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620673-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20676-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620676-1"
}
]
}
CVE-2025-71066 (GCVE-0-2025-71066)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:31 – Updated: 2026-05-23 16:03
VLAI
EPSS
Title
net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
zdi-disclosures@trendmicro.com says:
The vulnerability is a race condition between `ets_qdisc_dequeue` and
`ets_qdisc_change`. It leads to UAF on `struct Qdisc` object.
Attacker requires the capability to create new user and network namespace
in order to trigger the bug.
See my additional commentary at the end of the analysis.
Analysis:
static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,
struct netlink_ext_ack *extack)
{
...
// (1) this lock is preventing .change handler (`ets_qdisc_change`)
//to race with .dequeue handler (`ets_qdisc_dequeue`)
sch_tree_lock(sch);
for (i = nbands; i < oldbands; i++) {
if (i >= q->nstrict && q->classes[i].qdisc->q.qlen)
list_del_init(&q->classes[i].alist);
qdisc_purge_queue(q->classes[i].qdisc);
}
WRITE_ONCE(q->nbands, nbands);
for (i = nstrict; i < q->nstrict; i++) {
if (q->classes[i].qdisc->q.qlen) {
// (2) the class is added to the q->active
list_add_tail(&q->classes[i].alist, &q->active);
q->classes[i].deficit = quanta[i];
}
}
WRITE_ONCE(q->nstrict, nstrict);
memcpy(q->prio2band, priomap, sizeof(priomap));
for (i = 0; i < q->nbands; i++)
WRITE_ONCE(q->classes[i].quantum, quanta[i]);
for (i = oldbands; i < q->nbands; i++) {
q->classes[i].qdisc = queues[i];
if (q->classes[i].qdisc != &noop_qdisc)
qdisc_hash_add(q->classes[i].qdisc, true);
}
// (3) the qdisc is unlocked, now dequeue can be called in parallel
// to the rest of .change handler
sch_tree_unlock(sch);
ets_offload_change(sch);
for (i = q->nbands; i < oldbands; i++) {
// (4) we're reducing the refcount for our class's qdisc and
// freeing it
qdisc_put(q->classes[i].qdisc);
// (5) If we call .dequeue between (4) and (5), we will have
// a strong UAF and we can control RIP
q->classes[i].qdisc = NULL;
WRITE_ONCE(q->classes[i].quantum, 0);
q->classes[i].deficit = 0;
gnet_stats_basic_sync_init(&q->classes[i].bstats);
memset(&q->classes[i].qstats, 0, sizeof(q->classes[i].qstats));
}
return 0;
}
Comment:
This happens because some of the classes have their qdiscs assigned to
NULL, but remain in the active list. This commit fixes this issue by always
removing the class from the active list before deleting and freeing its
associated qdisc
Reproducer Steps
(trimmed version of what was sent by zdi-disclosures@trendmicro.com)
```
DEV="${DEV:-lo}"
ROOT_HANDLE="${ROOT_HANDLE:-1:}"
BAND2_HANDLE="${BAND2_HANDLE:-20:}" # child under 1:2
PING_BYTES="${PING_BYTES:-48}"
PING_COUNT="${PING_COUNT:-200000}"
PING_DST="${PING_DST:-127.0.0.1}"
SLOW_TBF_RATE="${SLOW_TBF_RATE:-8bit}"
SLOW_TBF_BURST="${SLOW_TBF_BURST:-100b}"
SLOW_TBF_LAT="${SLOW_TBF_LAT:-1s}"
cleanup() {
tc qdisc del dev "$DEV" root 2>/dev/null
}
trap cleanup EXIT
ip link set "$DEV" up
tc qdisc del dev "$DEV" root 2>/dev/null || true
tc qdisc add dev "$DEV" root handle "$ROOT_HANDLE" ets bands 2 strict 2
tc qdisc add dev "$DEV" parent 1:2 handle "$BAND2_HANDLE" \
tbf rate "$SLOW_TBF_RATE" burst "$SLOW_TBF_BURST" latency "$SLOW_TBF_LAT"
tc filter add dev "$DEV" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2
tc -s qdisc ls dev $DEV
ping -I "$DEV" -f -c "$PING_COUNT" -s "$PING_BYTES" -W 0.001 "$PING_DST" \
>/dev/null 2>&1 &
tc qdisc change dev "$DEV" root handle "$ROOT_HANDLE" ets bands 2 strict 0
tc qdisc change dev "$DEV" root handle "$ROOT_HANDLE" ets bands 2 strict 2
tc -s qdisc ls dev $DEV
tc qdisc del dev "$DEV" parent
---truncated---
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/062d5d544e5644734… | |
| https://git.kernel.org/stable/c/c7f6e7cc14df72b99… | |
| https://git.kernel.org/stable/c/a75d617a4ef08682f… | |
| https://git.kernel.org/stable/c/9987cda315c08f63a… | |
| https://git.kernel.org/stable/c/06bfb66a7c8b45e3f… | |
| https://git.kernel.org/stable/c/45466141da3c98a0c… | |
| https://git.kernel.org/stable/c/ce052b9402e461a9a… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ae2659d2c670252759ee9c823c4e039c0e05a6f2 , < 062d5d544e564473450d72e6af83077c2b2ff7c3
(git)
Affected: e25bdbc7e951ae5728fee1f4c09485df113d013c , < c7f6e7cc14df72b997258216e99d897d2df0dbbd (git) Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < a75d617a4ef08682f5cfaadc01d5141c87e019c9 (git) Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < 9987cda315c08f63a02423fa2f9a1f6602c861a0 (git) Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < 06bfb66a7c8b45e3fed01351a4b087410ae5ef39 (git) Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < 45466141da3c98a0c5fa88be0bc14b4b6a4bd75c (git) Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < ce052b9402e461a9aded599f5b47e76bc727f7de (git) Affected: 5.10.83 , < 5.10.248 (semver) Affected: 5.15.6 , < 5.15.198 (semver) |
|
| Linux | Linux |
Affected:
5.16
Unaffected: 0 , < 5.16 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-71066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T03:55:51.470582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T12:50:15.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_ets.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "062d5d544e564473450d72e6af83077c2b2ff7c3",
"status": "affected",
"version": "ae2659d2c670252759ee9c823c4e039c0e05a6f2",
"versionType": "git"
},
{
"lessThan": "c7f6e7cc14df72b997258216e99d897d2df0dbbd",
"status": "affected",
"version": "e25bdbc7e951ae5728fee1f4c09485df113d013c",
"versionType": "git"
},
{
"lessThan": "a75d617a4ef08682f5cfaadc01d5141c87e019c9",
"status": "affected",
"version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
"versionType": "git"
},
{
"lessThan": "9987cda315c08f63a02423fa2f9a1f6602c861a0",
"status": "affected",
"version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
"versionType": "git"
},
{
"lessThan": "06bfb66a7c8b45e3fed01351a4b087410ae5ef39",
"status": "affected",
"version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
"versionType": "git"
},
{
"lessThan": "45466141da3c98a0c5fa88be0bc14b4b6a4bd75c",
"status": "affected",
"version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
"versionType": "git"
},
{
"lessThan": "ce052b9402e461a9aded599f5b47e76bc727f7de",
"status": "affected",
"version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
"versionType": "git"
},
{
"lessThan": "5.10.248",
"status": "affected",
"version": "5.10.83",
"versionType": "semver"
},
{
"lessThan": "5.15.198",
"status": "affected",
"version": "5.15.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_ets.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "5.10.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.15.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n\nzdi-disclosures@trendmicro.com says:\n\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\n`ets_qdisc_change`. It leads to UAF on `struct Qdisc` object.\nAttacker requires the capability to create new user and network namespace\nin order to trigger the bug.\nSee my additional commentary at the end of the analysis.\n\nAnalysis:\n\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\n struct netlink_ext_ack *extack)\n{\n...\n\n // (1) this lock is preventing .change handler (`ets_qdisc_change`)\n //to race with .dequeue handler (`ets_qdisc_dequeue`)\n sch_tree_lock(sch);\n\n for (i = nbands; i \u003c oldbands; i++) {\n if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\n list_del_init(\u0026q-\u003eclasses[i].alist);\n qdisc_purge_queue(q-\u003eclasses[i].qdisc);\n }\n\n WRITE_ONCE(q-\u003enbands, nbands);\n for (i = nstrict; i \u003c q-\u003enstrict; i++) {\n if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\n\t\t // (2) the class is added to the q-\u003eactive\n list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\n q-\u003eclasses[i].deficit = quanta[i];\n }\n }\n WRITE_ONCE(q-\u003enstrict, nstrict);\n memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\n\n for (i = 0; i \u003c q-\u003enbands; i++)\n WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\n\n for (i = oldbands; i \u003c q-\u003enbands; i++) {\n q-\u003eclasses[i].qdisc = queues[i];\n if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\n qdisc_hash_add(q-\u003eclasses[i].qdisc, true);\n }\n\n // (3) the qdisc is unlocked, now dequeue can be called in parallel\n // to the rest of .change handler\n sch_tree_unlock(sch);\n\n ets_offload_change(sch);\n for (i = q-\u003enbands; i \u003c oldbands; i++) {\n\t // (4) we\u0027re reducing the refcount for our class\u0027s qdisc and\n\t // freeing it\n qdisc_put(q-\u003eclasses[i].qdisc);\n\t // (5) If we call .dequeue between (4) and (5), we will have\n\t // a strong UAF and we can control RIP\n q-\u003eclasses[i].qdisc = NULL;\n WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\n q-\u003eclasses[i].deficit = 0;\n gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\n memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\n }\n return 0;\n}\n\nComment:\nThis happens because some of the classes have their qdiscs assigned to\nNULL, but remain in the active list. This commit fixes this issue by always\nremoving the class from the active list before deleting and freeing its\nassociated qdisc\n\nReproducer Steps\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\n\n```\nDEV=\"${DEV:-lo}\"\nROOT_HANDLE=\"${ROOT_HANDLE:-1:}\"\nBAND2_HANDLE=\"${BAND2_HANDLE:-20:}\" # child under 1:2\nPING_BYTES=\"${PING_BYTES:-48}\"\nPING_COUNT=\"${PING_COUNT:-200000}\"\nPING_DST=\"${PING_DST:-127.0.0.1}\"\n\nSLOW_TBF_RATE=\"${SLOW_TBF_RATE:-8bit}\"\nSLOW_TBF_BURST=\"${SLOW_TBF_BURST:-100b}\"\nSLOW_TBF_LAT=\"${SLOW_TBF_LAT:-1s}\"\n\ncleanup() {\n tc qdisc del dev \"$DEV\" root 2\u003e/dev/null\n}\ntrap cleanup EXIT\n\nip link set \"$DEV\" up\n\ntc qdisc del dev \"$DEV\" root 2\u003e/dev/null || true\n\ntc qdisc add dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\n\ntc qdisc add dev \"$DEV\" parent 1:2 handle \"$BAND2_HANDLE\" \\\n tbf rate \"$SLOW_TBF_RATE\" burst \"$SLOW_TBF_BURST\" latency \"$SLOW_TBF_LAT\"\n\ntc filter add dev \"$DEV\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\ntc -s qdisc ls dev $DEV\n\nping -I \"$DEV\" -f -c \"$PING_COUNT\" -s \"$PING_BYTES\" -W 0.001 \"$PING_DST\" \\\n \u003e/dev/null 2\u003e\u00261 \u0026\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 0\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\ntc -s qdisc ls dev $DEV\ntc qdisc del dev \"$DEV\" parent \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:01.947Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/062d5d544e564473450d72e6af83077c2b2ff7c3"
},
{
"url": "https://git.kernel.org/stable/c/c7f6e7cc14df72b997258216e99d897d2df0dbbd"
},
{
"url": "https://git.kernel.org/stable/c/a75d617a4ef08682f5cfaadc01d5141c87e019c9"
},
{
"url": "https://git.kernel.org/stable/c/9987cda315c08f63a02423fa2f9a1f6602c861a0"
},
{
"url": "https://git.kernel.org/stable/c/06bfb66a7c8b45e3fed01351a4b087410ae5ef39"
},
{
"url": "https://git.kernel.org/stable/c/45466141da3c98a0c5fa88be0bc14b4b6a4bd75c"
},
{
"url": "https://git.kernel.org/stable/c/ce052b9402e461a9aded599f5b47e76bc727f7de"
}
],
"title": "net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71066",
"datePublished": "2026-01-13T15:31:21.931Z",
"dateReserved": "2026-01-13T15:30:19.646Z",
"dateUpdated": "2026-05-23T16:03:01.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71071 (GCVE-0-2025-71071)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:31 – Updated: 2026-05-23 16:03
VLAI
EPSS
Title
iommu/mediatek: fix use-after-free on probe deferral
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: fix use-after-free on probe deferral
The driver is dropping the references taken to the larb devices during
probe after successful lookup as well as on errors. This can
potentially lead to a use-after-free in case a larb device has not yet
been bound to its driver so that the iommu driver probe defers.
Fix this by keeping the references as expected while the iommu driver is
bound.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8412e5dd24ffc8bc21a00bfaa0b80d4596cdc9da , < 896ec55da3b90bdb9fc04fedc17ad8c359b2eee5
(git)
Affected: 26593928564cf5b576ff05d3cbd958f57c9534bb , < 5c04217d06a1161aaf36267e9d971ab6f847d5a7 (git) Affected: 26593928564cf5b576ff05d3cbd958f57c9534bb , < 1ef70a0b104ae8011811f60bcfaa55ff49385171 (git) Affected: 26593928564cf5b576ff05d3cbd958f57c9534bb , < f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a (git) Affected: 26593928564cf5b576ff05d3cbd958f57c9534bb , < de83d4617f9fe059623e97acf7e1e10d209625b5 (git) Affected: 51080de72e26771f0ed9d44982974279ccbc92b8 (git) Affected: 6.1.2 , < 6.1.160 (semver) Affected: 6.0.16 , < 6.1 (semver) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/mtk_iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "896ec55da3b90bdb9fc04fedc17ad8c359b2eee5",
"status": "affected",
"version": "8412e5dd24ffc8bc21a00bfaa0b80d4596cdc9da",
"versionType": "git"
},
{
"lessThan": "5c04217d06a1161aaf36267e9d971ab6f847d5a7",
"status": "affected",
"version": "26593928564cf5b576ff05d3cbd958f57c9534bb",
"versionType": "git"
},
{
"lessThan": "1ef70a0b104ae8011811f60bcfaa55ff49385171",
"status": "affected",
"version": "26593928564cf5b576ff05d3cbd958f57c9534bb",
"versionType": "git"
},
{
"lessThan": "f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a",
"status": "affected",
"version": "26593928564cf5b576ff05d3cbd958f57c9534bb",
"versionType": "git"
},
{
"lessThan": "de83d4617f9fe059623e97acf7e1e10d209625b5",
"status": "affected",
"version": "26593928564cf5b576ff05d3cbd958f57c9534bb",
"versionType": "git"
},
{
"status": "affected",
"version": "51080de72e26771f0ed9d44982974279ccbc92b8",
"versionType": "git"
},
{
"lessThan": "6.1.160",
"status": "affected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThan": "6.1",
"status": "affected",
"version": "6.0.16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/mtk_iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: fix use-after-free on probe deferral\n\nThe driver is dropping the references taken to the larb devices during\nprobe after successful lookup as well as on errors. This can\npotentially lead to a use-after-free in case a larb device has not yet\nbeen bound to its driver so that the iommu driver probe defers.\n\nFix this by keeping the references as expected while the iommu driver is\nbound."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:04.559Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/896ec55da3b90bdb9fc04fedc17ad8c359b2eee5"
},
{
"url": "https://git.kernel.org/stable/c/5c04217d06a1161aaf36267e9d971ab6f847d5a7"
},
{
"url": "https://git.kernel.org/stable/c/1ef70a0b104ae8011811f60bcfaa55ff49385171"
},
{
"url": "https://git.kernel.org/stable/c/f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a"
},
{
"url": "https://git.kernel.org/stable/c/de83d4617f9fe059623e97acf7e1e10d209625b5"
}
],
"title": "iommu/mediatek: fix use-after-free on probe deferral",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71071",
"datePublished": "2026-01-13T15:31:25.400Z",
"dateReserved": "2026-01-13T15:30:19.647Z",
"dateUpdated": "2026-05-23T16:03:04.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71104 (GCVE-0-2025-71104)
Vulnerability from cvelistv5 – Published: 2026-01-14 15:05 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
When advancing the target expiration for the guest's APIC timer in periodic
mode, set the expiration to "now" if the target expiration is in the past
(similar to what is done in update_target_expiration()). Blindly adding
the period to the previous target expiration can result in KVM generating
a practically unbounded number of hrtimer IRQs due to programming an
expired timer over and over. In extreme scenarios, e.g. if userspace
pauses/suspends a VM for an extended duration, this can even cause hard
lockups in the host.
Currently, the bug only affects Intel CPUs when using the hypervisor timer
(HV timer), a.k.a. the VMX preemption timer. Unlike the software timer,
a.k.a. hrtimer, which KVM keeps running even on exits to userspace, the
HV timer only runs while the guest is active. As a result, if the vCPU
does not run for an extended duration, there will be a huge gap between
the target expiration and the current time the vCPU resumes running.
Because the target expiration is incremented by only one period on each
timer expiration, this leads to a series of timer expirations occurring
rapidly after the vCPU/VM resumes.
More critically, when the vCPU first triggers a periodic HV timer
expiration after resuming, advancing the expiration by only one period
will result in a target expiration in the past. As a result, the delta
may be calculated as a negative value. When the delta is converted into
an absolute value (tscdeadline is an unsigned u64), the resulting value
can overflow what the HV timer is capable of programming. I.e. the large
value will exceed the VMX Preemption Timer's maximum bit width of
cpu_preemption_timer_multi + 32, and thus cause KVM to switch from the
HV timer to the software timer (hrtimers).
After switching to the software timer, periodic timer expiration callbacks
may be executed consecutively within a single clock interrupt handler,
because hrtimers honors KVM's request for an expiration in the past and
immediately re-invokes KVM's callback after reprogramming. And because
the interrupt handler runs with IRQs disabled, restarting KVM's hrtimer
over and over until the target expiration is advanced to "now" can result
in a hard lockup.
E.g. the following hard lockup was triggered in the host when running a
Windows VM (only relevant because it used the APIC timer in periodic mode)
after resuming the VM from a long suspend (in the host).
NMI watchdog: Watchdog detected hard LOCKUP on cpu 45
...
RIP: 0010:advance_periodic_target_expiration+0x4d/0x80 [kvm]
...
RSP: 0018:ff4f88f5d98d8ef0 EFLAGS: 00000046
RAX: fff0103f91be678e RBX: fff0103f91be678e RCX: 00843a7d9e127bcc
RDX: 0000000000000002 RSI: 0052ca4003697505 RDI: ff440d5bfbdbd500
RBP: ff440d5956f99200 R08: ff2ff2a42deb6a84 R09: 000000000002a6c0
R10: 0122d794016332b3 R11: 0000000000000000 R12: ff440db1af39cfc0
R13: ff440db1af39cfc0 R14: ffffffffc0d4a560 R15: ff440db1af39d0f8
FS: 00007f04a6ffd700(0000) GS:ff440db1af380000(0000) knlGS:000000e38a3b8000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000d5651feff8 CR3: 000000684e038002 CR4: 0000000000773ee0
PKRU: 55555554
Call Trace:
<IRQ>
apic_timer_fn+0x31/0x50 [kvm]
__hrtimer_run_queues+0x100/0x280
hrtimer_interrupt+0x100/0x210
? ttwu_do_wakeup+0x19/0x160
smp_apic_timer_interrupt+0x6a/0x130
apic_timer_interrupt+0xf/0x20
</IRQ>
Moreover, if the suspend duration of the virtual machine is not long enough
to trigger a hard lockup in this scenario, since commit 98c25ead5eda
("KVM: VMX: Move preemption timer <=> hrtimer dance to common x86"), KVM
will continue using the software timer until the guest reprograms the APIC
timer in some way. Since the periodic timer does not require frequent APIC
timer register programming, the guest may continue to use the software
timer in
---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/786ed625c125c5cd1… | |
| https://git.kernel.org/stable/c/d2da0df7bbc4fb4fd… | |
| https://git.kernel.org/stable/c/807dbe8f3862fa7c1… | |
| https://git.kernel.org/stable/c/7b54ccef865e0aa62… | |
| https://git.kernel.org/stable/c/e746e51947053a02a… | |
| https://git.kernel.org/stable/c/e23f46f1a971c73da… | |
| https://git.kernel.org/stable/c/18ab3fc8e880791aa… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < 786ed625c125c5cd180d6aaa37e653e3e4ffb8d9
(git)
Affected: d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < d2da0df7bbc4fb4fd7d0a1da704f81a09c72fe73 (git) Affected: d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < 807dbe8f3862fa7c164155857550ce94b36a11b9 (git) Affected: d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < 7b54ccef865e0aa62e4871d4ada2ba4b9dcb8bed (git) Affected: d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < e746e51947053a02af2ea964593dc4887108d379 (git) Affected: d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < e23f46f1a971c73dad2fd63e1408696114ddebe2 (git) Affected: d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc , < 18ab3fc8e880791aa9f7c000261320fc812b5465 (git) Affected: 421e1fadb0b0a648cc75afd5b3c826fa7daeaffc (git) Affected: 5a69b7b69beae9bb86e7e1b095685087976cba47 (git) Affected: 4.14.45 , < 4.15 (semver) Affected: 4.16.13 , < 4.17 (semver) |
|
| Linux | Linux |
Affected:
4.17
Unaffected: 0 , < 4.17 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:40:39.879856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:04.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/lapic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "786ed625c125c5cd180d6aaa37e653e3e4ffb8d9",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"lessThan": "d2da0df7bbc4fb4fd7d0a1da704f81a09c72fe73",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"lessThan": "807dbe8f3862fa7c164155857550ce94b36a11b9",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"lessThan": "7b54ccef865e0aa62e4871d4ada2ba4b9dcb8bed",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"lessThan": "e746e51947053a02af2ea964593dc4887108d379",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"lessThan": "e23f46f1a971c73dad2fd63e1408696114ddebe2",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"lessThan": "18ab3fc8e880791aa9f7c000261320fc812b5465",
"status": "affected",
"version": "d8f2f498d9ed0c5010bc1bbc1146f94c8bf9f8cc",
"versionType": "git"
},
{
"status": "affected",
"version": "421e1fadb0b0a648cc75afd5b3c826fa7daeaffc",
"versionType": "git"
},
{
"status": "affected",
"version": "5a69b7b69beae9bb86e7e1b095685087976cba47",
"versionType": "git"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.45",
"versionType": "semver"
},
{
"lessThan": "4.17",
"status": "affected",
"version": "4.16.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/lapic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer\n\nWhen advancing the target expiration for the guest\u0027s APIC timer in periodic\nmode, set the expiration to \"now\" if the target expiration is in the past\n(similar to what is done in update_target_expiration()). Blindly adding\nthe period to the previous target expiration can result in KVM generating\na practically unbounded number of hrtimer IRQs due to programming an\nexpired timer over and over. In extreme scenarios, e.g. if userspace\npauses/suspends a VM for an extended duration, this can even cause hard\nlockups in the host.\n\nCurrently, the bug only affects Intel CPUs when using the hypervisor timer\n(HV timer), a.k.a. the VMX preemption timer. Unlike the software timer,\na.k.a. hrtimer, which KVM keeps running even on exits to userspace, the\nHV timer only runs while the guest is active. As a result, if the vCPU\ndoes not run for an extended duration, there will be a huge gap between\nthe target expiration and the current time the vCPU resumes running.\nBecause the target expiration is incremented by only one period on each\ntimer expiration, this leads to a series of timer expirations occurring\nrapidly after the vCPU/VM resumes.\n\nMore critically, when the vCPU first triggers a periodic HV timer\nexpiration after resuming, advancing the expiration by only one period\nwill result in a target expiration in the past. As a result, the delta\nmay be calculated as a negative value. When the delta is converted into\nan absolute value (tscdeadline is an unsigned u64), the resulting value\ncan overflow what the HV timer is capable of programming. I.e. the large\nvalue will exceed the VMX Preemption Timer\u0027s maximum bit width of\ncpu_preemption_timer_multi + 32, and thus cause KVM to switch from the\nHV timer to the software timer (hrtimers).\n\nAfter switching to the software timer, periodic timer expiration callbacks\nmay be executed consecutively within a single clock interrupt handler,\nbecause hrtimers honors KVM\u0027s request for an expiration in the past and\nimmediately re-invokes KVM\u0027s callback after reprogramming. And because\nthe interrupt handler runs with IRQs disabled, restarting KVM\u0027s hrtimer\nover and over until the target expiration is advanced to \"now\" can result\nin a hard lockup.\n\nE.g. the following hard lockup was triggered in the host when running a\nWindows VM (only relevant because it used the APIC timer in periodic mode)\nafter resuming the VM from a long suspend (in the host).\n\n NMI watchdog: Watchdog detected hard LOCKUP on cpu 45\n ...\n RIP: 0010:advance_periodic_target_expiration+0x4d/0x80 [kvm]\n ...\n RSP: 0018:ff4f88f5d98d8ef0 EFLAGS: 00000046\n RAX: fff0103f91be678e RBX: fff0103f91be678e RCX: 00843a7d9e127bcc\n RDX: 0000000000000002 RSI: 0052ca4003697505 RDI: ff440d5bfbdbd500\n RBP: ff440d5956f99200 R08: ff2ff2a42deb6a84 R09: 000000000002a6c0\n R10: 0122d794016332b3 R11: 0000000000000000 R12: ff440db1af39cfc0\n R13: ff440db1af39cfc0 R14: ffffffffc0d4a560 R15: ff440db1af39d0f8\n FS: 00007f04a6ffd700(0000) GS:ff440db1af380000(0000) knlGS:000000e38a3b8000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000d5651feff8 CR3: 000000684e038002 CR4: 0000000000773ee0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n apic_timer_fn+0x31/0x50 [kvm]\n __hrtimer_run_queues+0x100/0x280\n hrtimer_interrupt+0x100/0x210\n ? ttwu_do_wakeup+0x19/0x160\n smp_apic_timer_interrupt+0x6a/0x130\n apic_timer_interrupt+0xf/0x20\n \u003c/IRQ\u003e\n\nMoreover, if the suspend duration of the virtual machine is not long enough\nto trigger a hard lockup in this scenario, since commit 98c25ead5eda\n(\"KVM: VMX: Move preemption timer \u003c=\u003e hrtimer dance to common x86\"), KVM\nwill continue using the software timer until the guest reprograms the APIC\ntimer in some way. Since the periodic timer does not require frequent APIC\ntimer register programming, the guest may continue to use the software\ntimer in \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:11.920Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/786ed625c125c5cd180d6aaa37e653e3e4ffb8d9"
},
{
"url": "https://git.kernel.org/stable/c/d2da0df7bbc4fb4fd7d0a1da704f81a09c72fe73"
},
{
"url": "https://git.kernel.org/stable/c/807dbe8f3862fa7c164155857550ce94b36a11b9"
},
{
"url": "https://git.kernel.org/stable/c/7b54ccef865e0aa62e4871d4ada2ba4b9dcb8bed"
},
{
"url": "https://git.kernel.org/stable/c/e746e51947053a02af2ea964593dc4887108d379"
},
{
"url": "https://git.kernel.org/stable/c/e23f46f1a971c73dad2fd63e1408696114ddebe2"
},
{
"url": "https://git.kernel.org/stable/c/18ab3fc8e880791aa9f7c000261320fc812b5465"
}
],
"title": "KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71104",
"datePublished": "2026-01-14T15:05:53.802Z",
"dateReserved": "2026-01-13T15:30:19.651Z",
"dateUpdated": "2026-06-11T18:44:04.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71113 (GCVE-0-2025-71113)
Vulnerability from cvelistv5 – Published: 2026-01-14 15:05 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
Several crypto user API contexts and requests allocated with
sock_kmalloc() were left uninitialized, relying on callers to
set fields explicitly. This resulted in the use of uninitialized
data in certain error paths or when new fields are added in the
future.
The ACVP patches also contain two user-space interface files:
algif_kpp.c and algif_akcipher.c. These too rely on proper
initialization of their context structures.
A particular issue has been observed with the newly added
'inflight' variable introduced in af_alg_ctx by commit:
67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests")
Because the context is not memset to zero after allocation,
the inflight variable has contained garbage values. As a result,
af_alg_alloc_areq() has incorrectly returned -EBUSY randomly when
the garbage value was interpreted as true:
https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209
The check directly tests ctx->inflight without explicitly
comparing against true/false. Since inflight is only ever set to
true or false later, an uninitialized value has triggered
-EBUSY failures. Zero-initializing memory allocated with
sock_kmalloc() ensures inflight and other fields start in a known
state, removing random issues caused by uninitialized data.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/e125c8e346e4eb7b3… | |
| https://git.kernel.org/stable/c/543bf004e4eafbb30… | |
| https://git.kernel.org/stable/c/f81244fd6b14fecfa… | |
| https://git.kernel.org/stable/c/84238876e3b3b262c… | |
| https://git.kernel.org/stable/c/5a4b65523608974a8… | |
| https://git.kernel.org/stable/c/51a5ab36084f3251e… | |
| https://git.kernel.org/stable/c/6f6e309328d53a10c… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fe869cdb89c95d060c77eea20204d6c91f233b53 , < e125c8e346e4eb7b3e854c862fcb4392bc13ddba
(git)
Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 543bf004e4eafbb302b1e6c78570d425d2ca13a0 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < f81244fd6b14fecfa93b66b6bb1d59f96554e550 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 84238876e3b3b262cf62d5f4d1338e983fb27010 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 5a4b65523608974a81edbe386f8a667a3e10c726 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 51a5ab36084f3251ef87eda3e6a6236f6488925e (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 6f6e309328d53a10c0fe1f77dec2db73373179b6 (git) |
|
| Linux | Linux |
Affected:
2.6.38
Unaffected: 0 , < 2.6.38 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:40:47.263259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:05.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/af_alg.c",
"crypto/algif_hash.c",
"crypto/algif_rng.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e125c8e346e4eb7b3e854c862fcb4392bc13ddba",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "543bf004e4eafbb302b1e6c78570d425d2ca13a0",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "f81244fd6b14fecfa93b66b6bb1d59f96554e550",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "84238876e3b3b262cf62d5f4d1338e983fb27010",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "5a4b65523608974a81edbe386f8a667a3e10c726",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "51a5ab36084f3251ef87eda3e6a6236f6488925e",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "6f6e309328d53a10c0fe1f77dec2db73373179b6",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/af_alg.c",
"crypto/algif_hash.c",
"crypto/algif_rng.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - zero initialize memory allocated via sock_kmalloc\n\nSeveral crypto user API contexts and requests allocated with\nsock_kmalloc() were left uninitialized, relying on callers to\nset fields explicitly. This resulted in the use of uninitialized\ndata in certain error paths or when new fields are added in the\nfuture.\n\nThe ACVP patches also contain two user-space interface files:\nalgif_kpp.c and algif_akcipher.c. These too rely on proper\ninitialization of their context structures.\n\nA particular issue has been observed with the newly added\n\u0027inflight\u0027 variable introduced in af_alg_ctx by commit:\n\n 67b164a871af (\"crypto: af_alg - Disallow multiple in-flight AIO requests\")\n\nBecause the context is not memset to zero after allocation,\nthe inflight variable has contained garbage values. As a result,\naf_alg_alloc_areq() has incorrectly returned -EBUSY randomly when\nthe garbage value was interpreted as true:\n\n https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209\n\nThe check directly tests ctx-\u003einflight without explicitly\ncomparing against true/false. Since inflight is only ever set to\ntrue or false later, an uninitialized value has triggered\n-EBUSY failures. Zero-initializing memory allocated with\nsock_kmalloc() ensures inflight and other fields start in a known\nstate, removing random issues caused by uninitialized data."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:55:06.916Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e125c8e346e4eb7b3e854c862fcb4392bc13ddba"
},
{
"url": "https://git.kernel.org/stable/c/543bf004e4eafbb302b1e6c78570d425d2ca13a0"
},
{
"url": "https://git.kernel.org/stable/c/f81244fd6b14fecfa93b66b6bb1d59f96554e550"
},
{
"url": "https://git.kernel.org/stable/c/84238876e3b3b262cf62d5f4d1338e983fb27010"
},
{
"url": "https://git.kernel.org/stable/c/5a4b65523608974a81edbe386f8a667a3e10c726"
},
{
"url": "https://git.kernel.org/stable/c/51a5ab36084f3251ef87eda3e6a6236f6488925e"
},
{
"url": "https://git.kernel.org/stable/c/6f6e309328d53a10c0fe1f77dec2db73373179b6"
}
],
"title": "crypto: af_alg - zero initialize memory allocated via sock_kmalloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71113",
"datePublished": "2026-01-14T15:05:59.992Z",
"dateReserved": "2026-01-13T15:30:19.653Z",
"dateUpdated": "2026-06-11T18:44:05.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71126 (GCVE-0-2025-71126)
Vulnerability from cvelistv5 – Published: 2026-01-14 15:06 – Updated: 2026-05-23 16:03
VLAI
EPSS
Title
mptcp: avoid deadlock on fallback while reinjecting
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: avoid deadlock on fallback while reinjecting
Jakub reported an MPTCP deadlock at fallback time:
WARNING: possible recursive locking detected
6.18.0-rc7-virtme #1 Not tainted
--------------------------------------------
mptcp_connect/20858 is trying to acquire lock:
ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280
but task is already holding lock:
ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&msk->fallback_lock);
lock(&msk->fallback_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by mptcp_connect/20858:
#0: ff1100001da18290 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x114/0x1bc0
#1: ff1100001db40fd0 (k-sk_lock-AF_INET#2){+.+.}-{0:0}, at: __mptcp_retrans+0x2cb/0xaa0
#2: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0
stack backtrace:
CPU: 0 UID: 0 PID: 20858 Comm: mptcp_connect Not tainted 6.18.0-rc7-virtme #1 PREEMPT(full)
Hardware name: Bochs, BIOS Bochs 01/01/2011
Call Trace:
<TASK>
dump_stack_lvl+0x6f/0xa0
print_deadlock_bug.cold+0xc0/0xcd
validate_chain+0x2ff/0x5f0
__lock_acquire+0x34c/0x740
lock_acquire.part.0+0xbc/0x260
_raw_spin_lock_bh+0x38/0x50
__mptcp_try_fallback+0xd8/0x280
mptcp_sendmsg_frag+0x16c2/0x3050
__mptcp_retrans+0x421/0xaa0
mptcp_release_cb+0x5aa/0xa70
release_sock+0xab/0x1d0
mptcp_sendmsg+0xd5b/0x1bc0
sock_write_iter+0x281/0x4d0
new_sync_write+0x3c5/0x6f0
vfs_write+0x65e/0xbb0
ksys_write+0x17e/0x200
do_syscall_64+0xbb/0xfd0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7fa5627cbc5e
Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa
RSP: 002b:00007fff1fe14700 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa5627cbc5e
RDX: 0000000000001f9c RSI: 00007fff1fe16984 RDI: 0000000000000005
RBP: 00007fff1fe14710 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff1fe16920
R13: 0000000000002000 R14: 0000000000001f9c R15: 0000000000001f9c
The packet scheduler could attempt a reinjection after receiving an
MP_FAIL and before the infinite map has been transmitted, causing a
deadlock since MPTCP needs to do the reinjection atomically from WRT
fallback.
Address the issue explicitly avoiding the reinjection in the critical
scenario. Note that this is the only fallback critical section that
could potentially send packets and hit the double-lock.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5586518bec27666c747cd52aabb62d485686d0bf , < 0107442e82c0f8d6010e07e6030741c59c520d6e
(git)
Affected: 75a4c9ab8a7af0d76b31ccd1188ed178c38b35d2 , < 252892d5a6a2f163ce18f32716e46fa4da7d4e79 (git) Affected: 54999dea879fecb761225e28f274b40662918c30 , < 0ca9fb4335e726dab4f23b3bfe87271d8f005f41 (git) Affected: f8a1d9b18c5efc76784f5a326e905f641f839894 , < 50f47c02be419bf0a3ae94c118addf67beef359f (git) Affected: f8a1d9b18c5efc76784f5a326e905f641f839894 , < ffb8c27b0539dd90262d1021488e7817fae57c42 (git) Affected: 1d82a8fe6ee4afdc92f4e8808c9dad2a6095bbc5 (git) Affected: 6.1.149 , < 6.1.160 (semver) Affected: 6.6.101 , < 6.6.120 (semver) Affected: 6.12.40 , < 6.12.64 (semver) Affected: 6.15.8 , < 6.16 (semver) |
|
| Linux | Linux |
Affected:
6.16
Unaffected: 0 , < 6.16 (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0107442e82c0f8d6010e07e6030741c59c520d6e",
"status": "affected",
"version": "5586518bec27666c747cd52aabb62d485686d0bf",
"versionType": "git"
},
{
"lessThan": "252892d5a6a2f163ce18f32716e46fa4da7d4e79",
"status": "affected",
"version": "75a4c9ab8a7af0d76b31ccd1188ed178c38b35d2",
"versionType": "git"
},
{
"lessThan": "0ca9fb4335e726dab4f23b3bfe87271d8f005f41",
"status": "affected",
"version": "54999dea879fecb761225e28f274b40662918c30",
"versionType": "git"
},
{
"lessThan": "50f47c02be419bf0a3ae94c118addf67beef359f",
"status": "affected",
"version": "f8a1d9b18c5efc76784f5a326e905f641f839894",
"versionType": "git"
},
{
"lessThan": "ffb8c27b0539dd90262d1021488e7817fae57c42",
"status": "affected",
"version": "f8a1d9b18c5efc76784f5a326e905f641f839894",
"versionType": "git"
},
{
"status": "affected",
"version": "1d82a8fe6ee4afdc92f4e8808c9dad2a6095bbc5",
"versionType": "git"
},
{
"lessThan": "6.1.160",
"status": "affected",
"version": "6.1.149",
"versionType": "semver"
},
{
"lessThan": "6.6.120",
"status": "affected",
"version": "6.6.101",
"versionType": "semver"
},
{
"lessThan": "6.12.64",
"status": "affected",
"version": "6.12.40",
"versionType": "semver"
},
{
"lessThan": "6.16",
"status": "affected",
"version": "6.15.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.16"
},
{
"lessThan": "6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "6.1.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "6.6.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "6.12.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.15.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: avoid deadlock on fallback while reinjecting\n\nJakub reported an MPTCP deadlock at fallback time:\n\n WARNING: possible recursive locking detected\n 6.18.0-rc7-virtme #1 Not tainted\n --------------------------------------------\n mptcp_connect/20858 is trying to acquire lock:\n ff1100001da18b60 (\u0026msk-\u003efallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280\n\n but task is already holding lock:\n ff1100001da18b60 (\u0026msk-\u003efallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026msk-\u003efallback_lock);\n lock(\u0026msk-\u003efallback_lock);\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n 3 locks held by mptcp_connect/20858:\n #0: ff1100001da18290 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x114/0x1bc0\n #1: ff1100001db40fd0 (k-sk_lock-AF_INET#2){+.+.}-{0:0}, at: __mptcp_retrans+0x2cb/0xaa0\n #2: ff1100001da18b60 (\u0026msk-\u003efallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0\n\n stack backtrace:\n CPU: 0 UID: 0 PID: 20858 Comm: mptcp_connect Not tainted 6.18.0-rc7-virtme #1 PREEMPT(full)\n Hardware name: Bochs, BIOS Bochs 01/01/2011\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6f/0xa0\n print_deadlock_bug.cold+0xc0/0xcd\n validate_chain+0x2ff/0x5f0\n __lock_acquire+0x34c/0x740\n lock_acquire.part.0+0xbc/0x260\n _raw_spin_lock_bh+0x38/0x50\n __mptcp_try_fallback+0xd8/0x280\n mptcp_sendmsg_frag+0x16c2/0x3050\n __mptcp_retrans+0x421/0xaa0\n mptcp_release_cb+0x5aa/0xa70\n release_sock+0xab/0x1d0\n mptcp_sendmsg+0xd5b/0x1bc0\n sock_write_iter+0x281/0x4d0\n new_sync_write+0x3c5/0x6f0\n vfs_write+0x65e/0xbb0\n ksys_write+0x17e/0x200\n do_syscall_64+0xbb/0xfd0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7fa5627cbc5e\n Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff1fe14700 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa5627cbc5e\n RDX: 0000000000001f9c RSI: 00007fff1fe16984 RDI: 0000000000000005\n RBP: 00007fff1fe14710 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff1fe16920\n R13: 0000000000002000 R14: 0000000000001f9c R15: 0000000000001f9c\n\nThe packet scheduler could attempt a reinjection after receiving an\nMP_FAIL and before the infinite map has been transmitted, causing a\ndeadlock since MPTCP needs to do the reinjection atomically from WRT\nfallback.\n\nAddress the issue explicitly avoiding the reinjection in the critical\nscenario. Note that this is the only fallback critical section that\ncould potentially send packets and hit the double-lock."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:17.869Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0107442e82c0f8d6010e07e6030741c59c520d6e"
},
{
"url": "https://git.kernel.org/stable/c/252892d5a6a2f163ce18f32716e46fa4da7d4e79"
},
{
"url": "https://git.kernel.org/stable/c/0ca9fb4335e726dab4f23b3bfe87271d8f005f41"
},
{
"url": "https://git.kernel.org/stable/c/50f47c02be419bf0a3ae94c118addf67beef359f"
},
{
"url": "https://git.kernel.org/stable/c/ffb8c27b0539dd90262d1021488e7817fae57c42"
}
],
"title": "mptcp: avoid deadlock on fallback while reinjecting",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71126",
"datePublished": "2026-01-14T15:06:11.417Z",
"dateReserved": "2026-01-13T15:30:19.655Z",
"dateUpdated": "2026-05-23T16:03:17.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71148 (GCVE-0-2025-71148)
Vulnerability from cvelistv5 – Published: 2026-01-23 14:15 – Updated: 2026-05-11 21:55
VLAI
EPSS
Title
net/handshake: restore destructor on submit failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/handshake: restore destructor on submit failure
handshake_req_submit() replaces sk->sk_destruct but never restores it when
submission fails before the request is hashed. handshake_sk_destruct() then
returns early and the original destructor never runs, leaking the socket.
Restore sk_destruct on the error path.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3b3009ea8abb713b022d94fba95ec270cf6e7eae , < cd8cf2be3717137554744233fda051ffc09d1d44
(git)
Affected: 3b3009ea8abb713b022d94fba95ec270cf6e7eae , < 7b82a1d6ae869533d8bdb0282a3a78faed8e63dd (git) Affected: 3b3009ea8abb713b022d94fba95ec270cf6e7eae , < b225325be7b247c7268e65eea6090db1fc786d1f (git) Affected: 3b3009ea8abb713b022d94fba95ec270cf6e7eae , < 6af2a01d65f89e73c1cbb9267f8880d83a88cee4 (git) |
|
| Linux | Linux |
Affected:
6.4
Unaffected: 0 , < 6.4 (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.3 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/handshake/request.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd8cf2be3717137554744233fda051ffc09d1d44",
"status": "affected",
"version": "3b3009ea8abb713b022d94fba95ec270cf6e7eae",
"versionType": "git"
},
{
"lessThan": "7b82a1d6ae869533d8bdb0282a3a78faed8e63dd",
"status": "affected",
"version": "3b3009ea8abb713b022d94fba95ec270cf6e7eae",
"versionType": "git"
},
{
"lessThan": "b225325be7b247c7268e65eea6090db1fc786d1f",
"status": "affected",
"version": "3b3009ea8abb713b022d94fba95ec270cf6e7eae",
"versionType": "git"
},
{
"lessThan": "6af2a01d65f89e73c1cbb9267f8880d83a88cee4",
"status": "affected",
"version": "3b3009ea8abb713b022d94fba95ec270cf6e7eae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/handshake/request.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: restore destructor on submit failure\n\nhandshake_req_submit() replaces sk-\u003esk_destruct but never restores it when\nsubmission fails before the request is hashed. handshake_sk_destruct() then\nreturns early and the original destructor never runs, leaking the socket.\nRestore sk_destruct on the error path."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:55:54.574Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd8cf2be3717137554744233fda051ffc09d1d44"
},
{
"url": "https://git.kernel.org/stable/c/7b82a1d6ae869533d8bdb0282a3a78faed8e63dd"
},
{
"url": "https://git.kernel.org/stable/c/b225325be7b247c7268e65eea6090db1fc786d1f"
},
{
"url": "https://git.kernel.org/stable/c/6af2a01d65f89e73c1cbb9267f8880d83a88cee4"
}
],
"title": "net/handshake: restore destructor on submit failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71148",
"datePublished": "2026-01-23T14:15:14.963Z",
"dateReserved": "2026-01-13T15:30:19.662Z",
"dateUpdated": "2026-05-11T21:55:54.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71182 (GCVE-0-2025-71182)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
can: j1939: make j1939_session_activate() fail if device is no longer registered
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: make j1939_session_activate() fail if device is no longer registered
syzbot is still reporting
unregister_netdevice: waiting for vcan0 to become free. Usage count = 2
even after commit 93a27b5891b8 ("can: j1939: add missing calls in
NETDEV_UNREGISTER notification handler") was added. A debug printk() patch
found that j1939_session_activate() can succeed even after
j1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)
has completed.
Since j1939_cancel_active_session() is processed with the session list lock
held, checking ndev->reg_state in j1939_session_activate() with the session
list lock held can reliably close the race window.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/ebb0dfd718dd31c8d… | |
| https://git.kernel.org/stable/c/c3a4316e3c746af41… | |
| https://git.kernel.org/stable/c/46ca9dc978923c5e1… | |
| https://git.kernel.org/stable/c/78d87b72cebe2a993… | |
| https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3… | |
| https://git.kernel.org/stable/c/79dd3f1d9dd310c2a… | |
| https://git.kernel.org/stable/c/5d5602236f5db19e8… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9d71dd0c70099914fcd063135da3c580865e924c , < ebb0dfd718dd31c8d3600612ca4b7207ec3d923a
(git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < c3a4316e3c746af415c0fd6c6d489ad13f53714d (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 46ca9dc978923c5e1247a9e9519240ba7ace413c (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 78d87b72cebe2a993fd5b017e9f14fb6278f2eae (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536 (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 79dd3f1d9dd310c2af89b09c71f34d93973b200f (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 5d5602236f5db19e8b337a2cd87a90ace5ea776d (git) |
|
| Linux | Linux |
Affected:
5.4
Unaffected: 0 , < 5.4 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.161 , ≤ 6.1.* (semver) Unaffected: 6.6.121 , ≤ 6.6.* (semver) Unaffected: 6.12.66 , ≤ 6.12.* (semver) Unaffected: 6.18.6 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:42:04.625425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:19.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ebb0dfd718dd31c8d3600612ca4b7207ec3d923a",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "c3a4316e3c746af415c0fd6c6d489ad13f53714d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "46ca9dc978923c5e1247a9e9519240ba7ace413c",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "78d87b72cebe2a993fd5b017e9f14fb6278f2eae",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "79dd3f1d9dd310c2af89b09c71f34d93973b200f",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "5d5602236f5db19e8b337a2cd87a90ace5ea776d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: make j1939_session_activate() fail if device is no longer registered\n\nsyzbot is still reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\neven after commit 93a27b5891b8 (\"can: j1939: add missing calls in\nNETDEV_UNREGISTER notification handler\") was added. A debug printk() patch\nfound that j1939_session_activate() can succeed even after\nj1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)\nhas completed.\n\nSince j1939_cancel_active_session() is processed with the session list lock\nheld, checking ndev-\u003ereg_state in j1939_session_activate() with the session\nlist lock held can reliably close the race window."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:15.065Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ebb0dfd718dd31c8d3600612ca4b7207ec3d923a"
},
{
"url": "https://git.kernel.org/stable/c/c3a4316e3c746af415c0fd6c6d489ad13f53714d"
},
{
"url": "https://git.kernel.org/stable/c/46ca9dc978923c5e1247a9e9519240ba7ace413c"
},
{
"url": "https://git.kernel.org/stable/c/78d87b72cebe2a993fd5b017e9f14fb6278f2eae"
},
{
"url": "https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536"
},
{
"url": "https://git.kernel.org/stable/c/79dd3f1d9dd310c2af89b09c71f34d93973b200f"
},
{
"url": "https://git.kernel.org/stable/c/5d5602236f5db19e8b337a2cd87a90ace5ea776d"
}
],
"title": "can: j1939: make j1939_session_activate() fail if device is no longer registered",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71182",
"datePublished": "2026-01-31T11:38:55.157Z",
"dateReserved": "2026-01-31T11:36:51.185Z",
"dateUpdated": "2026-06-11T18:44:19.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71184 (GCVE-0-2025-71184)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-05-11 21:56
VLAI
EPSS
Title
btrfs: fix NULL dereference on root when tracing inode eviction
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix NULL dereference on root when tracing inode eviction
When evicting an inode the first thing we do is to setup tracing for it,
which implies fetching the root's id. But in btrfs_evict_inode() the
root might be NULL, as implied in the next check that we do in
btrfs_evict_inode().
Hence, we either should set the ->root_objectid to 0 in case the root is
NULL, or we move tracing setup after checking that the root is not
NULL. Setting the rootid to 0 at least gives us the possibility to trace
this call even in the case when the root is NULL, so that's the solution
taken here.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1abe9b8a138c9988ba8f7bfded6453649a31541f , < 64d8abd8c5305795a2b35fc96039d99d34f5e762
(git)
Affected: 1abe9b8a138c9988ba8f7bfded6453649a31541f , < 582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c (git) Affected: 1abe9b8a138c9988ba8f7bfded6453649a31541f , < 99e057f3d3ef24b99a7b1d84e01dd1bd890098da (git) Affected: 1abe9b8a138c9988ba8f7bfded6453649a31541f , < f157dd661339fc6f5f2b574fe2429c43bd309534 (git) |
|
| Linux | Linux |
Affected:
2.6.39
Unaffected: 0 , < 2.6.39 (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.66 , ≤ 6.12.* (semver) Unaffected: 6.18.6 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/trace/events/btrfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64d8abd8c5305795a2b35fc96039d99d34f5e762",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
},
{
"lessThan": "582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
},
{
"lessThan": "99e057f3d3ef24b99a7b1d84e01dd1bd890098da",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
},
{
"lessThan": "f157dd661339fc6f5f2b574fe2429c43bd309534",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/trace/events/btrfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix NULL dereference on root when tracing inode eviction\n\nWhen evicting an inode the first thing we do is to setup tracing for it,\nwhich implies fetching the root\u0027s id. But in btrfs_evict_inode() the\nroot might be NULL, as implied in the next check that we do in\nbtrfs_evict_inode().\n\nHence, we either should set the -\u003eroot_objectid to 0 in case the root is\nNULL, or we move tracing setup after checking that the root is not\nNULL. Setting the rootid to 0 at least gives us the possibility to trace\nthis call even in the case when the root is NULL, so that\u0027s the solution\ntaken here."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:17.387Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64d8abd8c5305795a2b35fc96039d99d34f5e762"
},
{
"url": "https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c"
},
{
"url": "https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da"
},
{
"url": "https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534"
}
],
"title": "btrfs: fix NULL dereference on root when tracing inode eviction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71184",
"datePublished": "2026-01-31T11:38:57.171Z",
"dateReserved": "2026-01-31T11:36:51.187Z",
"dateUpdated": "2026-05-11T21:56:17.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71185 (GCVE-0-2025-71185)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:41 – Updated: 2026-06-02 13:00
VLAI
EPSS
Title
dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation
Make sure to drop the reference taken when looking up the crossbar
platform device during am335x route allocation.
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/1befa553f1ecc045d… | |
| https://git.kernel.org/stable/c/c933aa74d9f8d35e6… | |
| https://git.kernel.org/stable/c/43725bd47d984937c… | |
| https://git.kernel.org/stable/c/6fdf168f57e331e14… | |
| https://git.kernel.org/stable/c/f810132e825588fba… | |
| https://git.kernel.org/stable/c/30352277d8e09c972… | |
| https://git.kernel.org/stable/c/4fc17b1c6d2e04ad1… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 1befa553f1ecc045dc9ff56107ff50162f63f3c0
(git)
Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < c933aa74d9f8d35e6cda322c38c4a907d37a9a2b (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 43725bd47d984937c429919ae291896d982d1f17 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 6fdf168f57e331e148a1177a9b590a845c21b315 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < f810132e825588fbad3cba940458c58bb7ec4d84 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 30352277d8e09c972436f883a5efd1f1b763ac14 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9 (git) |
|
| Linux | Linux |
Affected:
4.4
Unaffected: 0 , < 4.4 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.67 , ≤ 6.12.* (semver) Unaffected: 6.18.7 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:00:34.249Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/dma-crossbar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1befa553f1ecc045dc9ff56107ff50162f63f3c0",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "c933aa74d9f8d35e6cda322c38c4a907d37a9a2b",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "43725bd47d984937c429919ae291896d982d1f17",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "6fdf168f57e331e148a1177a9b590a845c21b315",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "f810132e825588fbad3cba940458c58bb7ec4d84",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "30352277d8e09c972436f883a5efd1f1b763ac14",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/dma-crossbar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: dma-crossbar: fix device leak on am335x route allocation\n\nMake sure to drop the reference taken when looking up the crossbar\nplatform device during am335x route allocation."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:18.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1befa553f1ecc045dc9ff56107ff50162f63f3c0"
},
{
"url": "https://git.kernel.org/stable/c/c933aa74d9f8d35e6cda322c38c4a907d37a9a2b"
},
{
"url": "https://git.kernel.org/stable/c/43725bd47d984937c429919ae291896d982d1f17"
},
{
"url": "https://git.kernel.org/stable/c/6fdf168f57e331e148a1177a9b590a845c21b315"
},
{
"url": "https://git.kernel.org/stable/c/f810132e825588fbad3cba940458c58bb7ec4d84"
},
{
"url": "https://git.kernel.org/stable/c/30352277d8e09c972436f883a5efd1f1b763ac14"
},
{
"url": "https://git.kernel.org/stable/c/4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9"
}
],
"title": "dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71185",
"datePublished": "2026-01-31T11:41:57.082Z",
"dateReserved": "2026-01-31T11:36:51.187Z",
"dateUpdated": "2026-06-02T13:00:34.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71188 (GCVE-0-2025-71188)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:41 – Updated: 2026-06-02 13:00
VLAI
EPSS
Title
dmaengine: lpc18xx-dmamux: fix device leak on route allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: lpc18xx-dmamux: fix device leak on route allocation
Make sure to drop the reference taken when looking up the DMA mux
platform device during route allocation.
Note that holding a reference to a device does not prevent its driver
data from going away so there is no point in keeping the reference.
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/3d396ebfb3049a2b5… | |
| https://git.kernel.org/stable/c/499ddae78c4baa9b9… | |
| https://git.kernel.org/stable/c/adef147a8d8c3d767… | |
| https://git.kernel.org/stable/c/9fba97baa520c9446… | |
| https://git.kernel.org/stable/c/992eb8055a6e5dbb8… | |
| https://git.kernel.org/stable/c/1e47d80f6720f0224… | |
| https://git.kernel.org/stable/c/d4d63059dee7e7cae… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e5f4ae84be7421010780984bdc121eac15997327 , < 3d396ebfb3049a2b5fac51d2c967db5114b685e8
(git)
Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 499ddae78c4baa9b94df76b2d2eb6b150d15377f (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < adef147a8d8c3d767abf88ad2c381ffab2993086 (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 9fba97baa520c9446df51a64708daf27c5a7ed32 (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 992eb8055a6e5dbb808672d20d68e60d5a89b12b (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 1e47d80f6720f0224efd19bcf081d39637569c10 (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < d4d63059dee7e7cae0c4d9a532ed558bc90efb55 (git) |
|
| Linux | Linux |
Affected:
4.3
Unaffected: 0 , < 4.3 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.67 , ≤ 6.12.* (semver) Unaffected: 6.18.7 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:00:36.620Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/lpc18xx-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d396ebfb3049a2b5fac51d2c967db5114b685e8",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "499ddae78c4baa9b94df76b2d2eb6b150d15377f",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "adef147a8d8c3d767abf88ad2c381ffab2993086",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "9fba97baa520c9446df51a64708daf27c5a7ed32",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "992eb8055a6e5dbb808672d20d68e60d5a89b12b",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "1e47d80f6720f0224efd19bcf081d39637569c10",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "d4d63059dee7e7cae0c4d9a532ed558bc90efb55",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/lpc18xx-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: lpc18xx-dmamux: fix device leak on route allocation\n\nMake sure to drop the reference taken when looking up the DMA mux\nplatform device during route allocation.\n\nNote that holding a reference to a device does not prevent its driver\ndata from going away so there is no point in keeping the reference."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:22.014Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d396ebfb3049a2b5fac51d2c967db5114b685e8"
},
{
"url": "https://git.kernel.org/stable/c/499ddae78c4baa9b94df76b2d2eb6b150d15377f"
},
{
"url": "https://git.kernel.org/stable/c/adef147a8d8c3d767abf88ad2c381ffab2993086"
},
{
"url": "https://git.kernel.org/stable/c/9fba97baa520c9446df51a64708daf27c5a7ed32"
},
{
"url": "https://git.kernel.org/stable/c/992eb8055a6e5dbb808672d20d68e60d5a89b12b"
},
{
"url": "https://git.kernel.org/stable/c/1e47d80f6720f0224efd19bcf081d39637569c10"
},
{
"url": "https://git.kernel.org/stable/c/d4d63059dee7e7cae0c4d9a532ed558bc90efb55"
}
],
"title": "dmaengine: lpc18xx-dmamux: fix device leak on route allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71188",
"datePublished": "2026-01-31T11:41:59.624Z",
"dateReserved": "2026-01-31T11:36:51.188Z",
"dateUpdated": "2026-06-02T13:00:36.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…