What is the CVSS score of CVE-2025-71184?

CVE-2025-71184 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2025-71184?

CVE-2025-71184 presents moderate security risk, a null pointer dereference vulnerability rated CVSS 5.5. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-71184?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Linux Kernel CVE-2025-71184

MEDIUM

NULL Pointer Dereference (CWE-476)

2026-01-31 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel Suse

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Apr 09, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 31, 2026 - 12:16 nvd

MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix NULL dereference on root when tracing inode eviction

When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root might be NULL, as implied in the next check that we do in btrfs_evict_inode().

Hence, we either should set the ->root_objectid to 0 in case the root is NULL, or we move tracing setup after checking that the root is not NULL. Setting the rootid to 0 at least gives us the possibility to trace this call even in the case when the root is NULL, so that's the solution taken here.

AnalysisAI

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix NULL dereference on root when tracing inode eviction

When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id.

Technical ContextAI

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix NULL dereference on root when tracing inode eviction

Hence, we either should set the ->root_objectid to 0 in case the root is NULL, or we move tracing setup after checking that the root is not

RemediationAI

Monitor vendor advisories for a patch.

More from same product – last 7 days

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

Vendor StatusVendor

CVE-2025-71184 vulnerability details – vuln.today

Back

Linux Kernel CVE-2025-71184

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code