CVE-2025-71071
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors. This can potentially lead to a use-after-free in case a larb device has not yet been bound to its driver so that the iommu driver probe defers. Fix this by keeping the references as expected while the iommu driver is bound.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-03-25
Generated
2026-05-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-71071
EUVD
EUVD-2026-2267
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.2
linux linux_kernel From 6.0.16 (inc) to 6.1 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.7 (inc) to 6.12.64 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.3 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.1.2 (inc) to 6.1.160 (exc)
linux linux_kernel From 6.2.1 (inc) to 6.6.120 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in the Linux kernel's iommu/mediatek driver. It occurs because the driver drops references to larb devices during probe after successful lookup or errors. If a larb device has not yet been bound to its driver, the iommu driver probe defers, which can lead to use-after-free when those references are dropped prematurely. The fix involves keeping the references as expected while the iommu driver is bound.


How can this vulnerability impact me? :

This vulnerability can lead to use-after-free conditions in the kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if they can trigger the condition.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart