CVE-2025-71313
Analyzed - Analysis Complete
PCI Endpoint NULL Pointer Dereference in Linux Kernel

Publication date: 2026-06-03

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Add missing NULL check for alloc_workqueue()

alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue_work() is later called with the NULL workqueue pointer in epf_ntb_epc_init().

Add a NULL check immediately after alloc_workqueue() and return -ENOMEM on failure to prevent the driver from loading with an invalid workqueue pointer.

Meta Information

Published: 2026-06-03
Last Modified: 2026-06-09
Generated: 2026-06-16
AI Q&A: 2026-06-03
EPSS Evaluated: 2026-06-14

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux
Product: linux_kernel
Version / Range: From 5.12 (inc) to 6.19.4 (exc)

CWE

CWE-476: The product dereferences a pointer that it expects to be valid but is NULL.

Executive Summary

This vulnerability exists in the Linux kernel's PCI endpoint driver where a missing NULL check after calling alloc_workqueue() can cause a NULL pointer dereference.

alloc_workqueue() may return NULL if memory allocation fails. Without checking for this NULL return value, the code later calls queue_work() with a NULL pointer, leading to a potential crash or undefined behavior.

The fix involves adding a NULL check immediately after alloc_workqueue() and returning an error (-ENOMEM) if the allocation fails, preventing the driver from loading with an invalid workqueue pointer.

Impact Analysis

This vulnerability can cause the Linux kernel to dereference a NULL pointer, which may lead to a kernel crash or system instability.

Such crashes can result in denial of service conditions, potentially disrupting normal system operations.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix that adds a NULL check immediately after alloc_workqueue() in the PCI endpoint driver.

This fix prevents the driver from loading with an invalid workqueue pointer by returning -ENOMEM on failure, thus avoiding a NULL pointer dereference.

If you are maintaining custom or backported kernel code, verify that the return value of the alloc_workqueue() call is checked for NULL and that the error is handled accordingly.
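
One way to run that check over a custom or backported tree is the script below. It is an added example, not kernel or vendor code. It is a line-based heuristic rather than a C parser, and the sample snippets and their names (example_wq, example_init, example_register) are constructed for illustration.

```python
import re
import sys

# Assignment of an alloc_workqueue() result to a variable or struct member.
ALLOC_RE = re.compile(r'([A-Za-z_]\w*(?:(?:->|\.)\w+)*)\s*=\s*alloc_workqueue\s*\(')

def statement_end(src, open_paren):
    """Index just past the ';' that closes the call starting at open_paren."""
    depth = 0
    for i in range(open_paren, len(src)):
        if src[i] == '(':
            depth += 1
        elif src[i] == ')':
            depth -= 1
        elif src[i] == ';' and depth == 0:
            return i + 1
    return len(src)

def find_unchecked(src, window=3):
    """Return [(line, variable)] for results never NULL-tested within
    `window` non-blank lines after the assignment (heuristic, not a parser)."""
    findings = []
    for m in ALLOC_RE.finditer(src):
        var = re.escape(m.group(1))
        check = re.compile(rf'\bif\s*\(.*(?:!\s*{var}\b(?!\s*(?:->|\.))'
                           rf'|\b{var}\s*==\s*NULL\b|IS_ERR_OR_NULL\s*\(\s*{var}\s*\))')
        rest = src[statement_end(src, m.end() - 1):]
        following = [l for l in rest.splitlines() if l.strip()][:window]
        if not any(check.search(l) for l in following):
            findings.append((src.count('\n', 0, m.start()) + 1, m.group(1)))
    return findings

# Constructed samples (hypothetical names, not the kernel's source):
# the unchecked pattern the CVE describes, and the same code with the fix.
BEFORE = '''static int example_init(void)
{
	example_wq = alloc_workqueue("example", WQ_MEM_RECLAIM, 0);
	return example_register();
}
'''
AFTER = BEFORE.replace('0);\n', '0);\n\tif (!example_wq)\n\t\treturn -ENOMEM;\n')

if __name__ == '__main__':
    # Usage: python3 check_wq.py file.c [...]; with no arguments, scan BEFORE.
    sources = {p: open(p, errors='replace').read() for p in sys.argv[1:]} or {'BEFORE': BEFORE}
    for name, text in sources.items():
        for line, var in find_unchecked(text):
            print(f'{name}:{line}: {var} = alloc_workqueue() result is not checked for NULL')
```

A reported line is a candidate for manual review; a check placed further than `window` lines after the call, or written in a form the pattern does not cover, is also reported.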
