CVE-2025-71233
Published: Feb 18, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash can be easily reproduced with the following commands: # cd /sys/kernel/config/pci_ep/functions/pci_epf_test # for i in {1..20}; do mkdir test && rmdir test; done BUG: kernel NULL pointer dereference, address: 0000000000000088 ... Call Trace: configfs_register_group+0x3d/0x190 pci_epf_cfs_work+0x41/0x110 process_one_work+0x18f/0x350 worker_thread+0x25a/0x3a0 Fix this issue by using configfs_add_default_group() API which does not have the deadlock problem as configfs_register_group() and does not require the delayed work handler. [mani: slightly reworded the description and added stable list]
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e85a2d7837622bd99c96f5bbc7f972da90c285a2 - < fa9fb38f5fe9c80094c2138354d45cdc8d094d69affected e85a2d7837622bd99c96f5bbc7f972da90c285a2 - < 5f609b3bffd4207cf9f2c9b41e1978457a5a1ea9affected e85a2d7837622bd99c96f5bbc7f972da90c285a2 - < 8cb905eca73944089a0db01443c7628a9e87012daffected e85a2d7837622bd99c96f5bbc7f972da90c285a2 - < d9af3cf58bb4c8d6dea4166011c780756b1138b5affected e85a2d7837622bd99c96f5bbc7f972da90c285a2 - < 24a253c3aa6d9a2cde46158ce9782e023bfbf32d+2 more versions |
Linux | Linux | affected 5.12unaffected 0 - < 5.12unaffected 5.15.201 - <= 5.15.*unaffected 6.1.164 - <= 6.1.*unaffected 6.6.127 - <= 6.6.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now