{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71233", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-02-18T14:25:13.845Z", "datePublished": "2026-02-18T14:53:17.926Z", "dateUpdated": "2026-05-11T21:56:54.929Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:56:54.929Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test && rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/endpoint/pci-ep-cfs.c"], "versions": [{"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "fa9fb38f5fe9c80094c2138354d45cdc8d094d69", "status": "affected", "versionType": "git"}, {"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "5f609b3bffd4207cf9f2c9b41e1978457a5a1ea9", "status": "affected", "versionType": "git"}, {"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "8cb905eca73944089a0db01443c7628a9e87012d", "status": "affected", "versionType": "git"}, {"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "d9af3cf58bb4c8d6dea4166011c780756b1138b5", "status": "affected", "versionType": "git"}, {"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "24a253c3aa6d9a2cde46158ce9782e023bfbf32d", "status": "affected", "versionType": "git"}, {"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "73cee890adafa2c219bb865356e08e7f82423fe5", "status": "affected", "versionType": "git"}, {"version": "e85a2d7837622bd99c96f5bbc7f972da90c285a2", "lessThan": "7c5c7d06bd1f86d2c3ebe62be903a4ba42db4d2c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/endpoint/pci-ep-cfs.c"], "versions": [{"version": "5.12", "status": "affected"}, {"version": "0", "lessThan": "5.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.201", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.164", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.127", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.72", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.11", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.1", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "5.15.201"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.1.164"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.6.127"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.12.72"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.18.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.19.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fa9fb38f5fe9c80094c2138354d45cdc8d094d69"}, {"url": "https://git.kernel.org/stable/c/5f609b3bffd4207cf9f2c9b41e1978457a5a1ea9"}, {"url": "https://git.kernel.org/stable/c/8cb905eca73944089a0db01443c7628a9e87012d"}, {"url": "https://git.kernel.org/stable/c/d9af3cf58bb4c8d6dea4166011c780756b1138b5"}, {"url": "https://git.kernel.org/stable/c/24a253c3aa6d9a2cde46158ce9782e023bfbf32d"}, {"url": "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5"}, {"url": "https://git.kernel.org/stable/c/7c5c7d06bd1f86d2c3ebe62be903a4ba42db4d2c"}], "title": "PCI: endpoint: Avoid creating sub-groups asynchronously", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D9A1F-E24E-4F40-B86B-30FF1377DAFB", "versionEndExcluding": "5.15.201", "versionStartIncluding": "5.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6892F74B-3F14-4500-9652-24A2ECB04144", "versionEndExcluding": "6.1.164", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A9F36A3-A685-48A0-84B4-6217052BD058", "versionEndExcluding": "6.6.127", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1A7E514-FB3C-4B6B-8046-07D5A8F04644", "versionEndExcluding": "6.12.72", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7099A9EC-3D54-4424-BF01-7224EF88C79C", "versionEndExcluding": "6.18.11", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE543C0D-A06B-414F-A403-CB1E088F261E", "versionEndExcluding": "6.19.1", "versionStartIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test && rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nPCI: endpoint: Evitar la creaci\u00f3n as\u00edncrona de subgrupos\n\nLa creaci\u00f3n as\u00edncrona de subgrupos por un trabajo retrasado podr\u00eda llevar a una desreferencia de puntero NULL cuando el directorio del controlador es eliminado antes de que el trabajo se complete.\n\nEl fallo puede ser f\u00e1cilmente reproducido con los siguientes comandos:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test && rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nSoluciona este problema usando la API configfs_add_default_group() que no tiene el problema de interbloqueo como configfs_register_group() y no requiere el manejador de trabajo retrasado.\n\n[mani: se ha reformulado ligeramente la descripci\u00f3n y se ha a\u00f1adido la lista estable]"}], "id": "CVE-2025-71233", "lastModified": "2026-03-18T17:14:10.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-18T16:22:30.080", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24a253c3aa6d9a2cde46158ce9782e023bfbf32d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5f609b3bffd4207cf9f2c9b41e1978457a5a1ea9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c5c7d06bd1f86d2c3ebe62be903a4ba42db4d2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8cb905eca73944089a0db01443c7628a9e87012d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d9af3cf58bb4c8d6dea4166011c780756b1138b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa9fb38f5fe9c80094c2138354d45cdc8d094d69"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: PCI: endpoint: Avoid creating sub-groups asynchronously", "id": "2440667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440667"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-71233", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-71233\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71233\nhttps://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71233-0c35@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d9af3cf58bb4c8d6dea4166011c780756b1138b5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,24a253c3aa6d9a2cde46158ce9782e023bfbf32d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,73cee890adafa2c219bb865356e08e7f82423fe5)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.72,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.11,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.1,6.20.0)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-20T17:27:15.918272+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel update that includes the configfs_add_default_group fix", "If the kernel cannot be updated immediately, avoid performing rapid create and delete operations on PCI endpoint configuration directories in /sys/kernel/config/pci_ep/functions", "Monitor kernel logs for null pointer dereferences or kernel panics and investigate promptly"], "summary": {"action": "Update Kernel", "impact": "NULL pointer dereference that causes kernel crash"}, "threat_synthesis": {"affected_systems": "All versions of the Linux kernel that have not yet incorporated the fix are affected. The precise kernel release numbers are not specified in the advisory, so any kernel prior to the inclusion of configfs_add_default_group() is considered vulnerable.", "description_and_impact": "The vulnerability arises when the PCI endpoint driver creates sub\u2011groups asynchronously using a delayed work handler. If the driver directory is removed before the work executes, the handler dereferences a NULL pointer, causing a kernel crash. The crash manifests as a fault in configfs_register_group and a resulting kernel panic. This leads to a denial of service by bringing the affected system down to a non\u2011functional state. The weakness is a classic Defective Null Pointer Dereference (CWE\u2011476).", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, and an EPSS score of less than 1% shows a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local: an attacker or a process with write access to configfs can repeatedly create and remove directories under /sys/kernel/config/pci_ep/functions without requiring privileged escalation, triggering the crash. Exploitation requires only the ability to execute the faulty work, which is present in the kernel\u2019s configuration."}}}}, "created": "2026-02-19T10:11:55.232557+00:00", "updated": "2026-04-20T17:30:12.656339+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}