Skip to main content

Linux Kernel CVE-2025-71233

MEDIUM
NULL Pointer Dereference (CWE-476)
2026-02-18 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel Suse
5.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 18, 2026 - 16:22 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Avoid creating sub-groups asynchronously

The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes.

The crash can be easily reproduced with the following commands:

cd /sys/kernel/config/pci_ep/functions/pci_epf_test

for i in {1..20}; do mkdir test && rmdir test; done

BUG: kernel NULL pointer dereference, address: 0000000000000088 ... Call Trace: configfs_register_group+0x3d/0x190 pci_epf_cfs_work+0x41/0x110 process_one_work+0x18f/0x350 worker_thread+0x25a/0x3a0

Fix this issue by using configfs_add_default_group() API which does not have the deadlock problem as configfs_register_group() and does not require the delayed work handler.

[mani: slightly reworded the description and added stable list]

AnalysisAI

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Avoid creating sub-groups asynchronously

The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes.

Technical ContextAI

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Avoid creating sub-groups asynchronously

The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes.

The crash can be easily reproduced with the following commands:

cd /sys/kernel/config/pci_ep/functions/pci_epf_test

for i in {1..20}; do mkdir test && rmdir test; done

BUG: kernel NULL pointer deref

RemediationAI

Monitor vendor advisories for a patch.

More from same product – last 7 days

CVE-2026-44050 CRITICAL
9.9 May 21

Heap buffer overflow in the Netatalk cnid_metad daemon's comm_rcv() function allows remote attackers with low-level priv
CVE-2026-44048 HIGH
8.8 May 21

Stack-based buffer overflow in Netatalk versions 2.0.4 through 4.4.2 allows authenticated remote attackers to corrupt me
CVE-2026-44047 HIGH
8.8 May 21

SQL injection in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to compromise the MySQL-backed CNID

CVE-2026-44051 HIGH
8.1 May 21

Arbitrary file read in Netatalk 3.0.2 through 4.4.2 allows authenticated remote attackers to create attacker-controlled

CVE-2026-9277 HIGH
8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

Vendor StatusVendor

Share

CVE-2025-71233 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy