How to fix CVE-2025-71200?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Linux Kernel affected by CVE-2025-71200?

CVE-2025-71200 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-71200

MEDIUM

2026-02-14 416baaa9-dc9f-4396-8d5f-8c081fb06d67

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch Released

Apr 09, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 14, 2026 - 15:16 nvd

MEDIUM 5.5

Description

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes. Add a check to prevent illegal clock reduction through debugfs: root@debian:/# echo 50000000 > /sys/kernel/debug/mmc0/clock root@debian:/# [ 30.090146] mmc0: running CQE recovery mmc0: cqhci: Failed to halt mmc0: cqhci: spurious TCN for tag 0 WARNING: drivers/mmc/host/cqhci-core.c:797 at cqhci_irq+0x254/0x818, CPU#1: kworker/1:0H/24 Modules linked in: CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0H Not tainted 6.19.0-rc1-00001-g09db0998649d-dirty #204 PREEMPT Hardware name: Rockchip RK3588 EVB1 V10 Board (DT) Workqueue: kblockd blk_mq_run_work_fn pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : cqhci_irq+0x254/0x818 lr : cqhci_irq+0x254/0x818 ...

Analysis

In the Linux kernel, the following vulnerability has been resolved:

mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode

When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes.

Technical Context

In the Linux kernel, the following vulnerability has been resolved:

mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode

When operating in HS200 or HS400 timing modes, reducing the clock frequency

below 52MHz will lead to link broken as the Rockchip DWC MSHC controller

requires maintaining a minimum clock of 52MHz in these modes.

Add a check to prevent illegal clock reduction through debugfs:

root@debian:/# echo 50000000 > /sys/kernel/debug/mmc0/clock

root@debian:/# [

Affected Products

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +28

POC: 0

Vendor Status

CVE-2025-71200 vulnerability details – vuln.today

Back

CVE-2025-71200

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-71200

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code