CVE-2025-71071 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: fix use-after-free on probe deferral

The driver is dropping the references taken to the larb devices during
probe after successful lookup as well as on errors. This can
potentially lead to a use-after-free in case a larb device has not yet
been bound to its driver so that the iommu driver probe defers.

Fix this by keeping the references as expected while the iommu driver is
bound.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1ef70a0b104ae8011811f60bcfaa55ff49385171
https://git.kernel.org/stable/c/5c04217d06a1161aaf36267e9d971ab6f847d5a7
https://git.kernel.org/stable/c/896ec55da3b90bdb9fc04fedc17ad8c359b2eee5
https://git.kernel.org/stable/c/de83d4617f9fe059623e97acf7e1e10d209625b5
https://git.kernel.org/stable/c/f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a

History

Tue, 13 Jan 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors. This can potentially lead to a use-after-free in case a larb device has not yet been bound to its driver so that the iommu driver probe defers. Fix this by keeping the references as expected while the iommu driver is bound.
Title		iommu/mediatek: fix use-after-free on probe deferral
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1ef70a0b104ae8011811f60bcfaa55ff49385171 https://git.kernel.org/stable/c/5c04217d06a1161aaf36267e9d971ab6f847d5a7 https://git.kernel.org/stable/c/896ec55da3b90bdb9fc04fedc17ad8c359b2eee5 https://git.kernel.org/stable/c/de83d4617f9fe059623e97acf7e1e10d209625b5 https://git.kernel.org/stable/c/f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-01-13T15:31:25.400Z

Updated: 2026-01-13T15:31:25.400Z

Reserved: 2026-01-13T15:30:19.647Z

Link: CVE-2025-71071

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-13T16:16:06.520

Modified: 2026-01-13T16:16:06.520

Link: CVE-2025-71071

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object