Skip to main content

Linux Kernel EUVDEUVD-2025-210056

| CVE-2025-71313 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-03 Linux GHSA-q63g-px5v-r7jv
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
7.0 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 22:46 vuln.today
CVSS changed
Jun 09, 2026 - 20:37 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Add missing NULL check for alloc_workqueue()

alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue_work() is later called with the NULL workqueue pointer in epf_ntb_epc_init().

Add a NULL check immediately after alloc_workqueue() and return -ENOMEM on failure to prevent the driver from loading with an invalid workqueue pointer.

AnalysisAI

NULL pointer dereference in the Linux kernel's PCI endpoint NTB driver allows an authenticated local attacker to crash the kernel (denial of service) by triggering a memory allocation failure during driver initialization. The missing NULL check after alloc_workqueue() in epf_ntb_epc_init() causes a subsequent queue_work() call to dereference a NULL pointer, resulting in a kernel panic. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (5th percentile) reflects the narrow hardware-specific attack surface; this is not confirmed actively exploited (CISA KEV absent).

Technical ContextAI

The vulnerability resides in the Linux kernel's PCI endpoint subsystem, specifically the Non-Transparent Bridge (NTB) endpoint function driver (epf_ntb). CWE-476 (NULL Pointer Dereference) is the root cause class: the kernel's alloc_workqueue() API can legitimately return NULL on memory allocation failure, but the driver's epf_ntb_epc_init() function did not validate this return value before passing it to queue_work(). When the workqueue pointer is NULL, the subsequent dereference triggers a kernel panic. The CPE cpe:2.3:a:linux:linux:* covers the Linux kernel broadly; EUVD data traces the introduction of the vulnerable code to commit 8b821cf761503b80d0bd052f932adfe1bc1a0088, with the defect present from at least Linux 5.12. PCI endpoint mode (device-side PCIe) is an uncommon deployment, used in embedded systems and specialized hardware, significantly bounding the exposed population.

RemediationAI

Upgrade to Linux kernel 6.19.4 or 7.0 (or later stable releases), which incorporate the upstream fix commits 314eab6740bcda504ef978be599f805de05ce6de and 03f336a869b3a3f119d3ae52ac9723739c7fb7b6 respectively, available from https://git.kernel.org/stable/c/314eab6740bcda504ef978be599f805de05ce6de and https://git.kernel.org/stable/c/03f336a869b3a3f119d3ae52ac9723739c7fb7b6. Distribution kernels (RHEL, Debian, Ubuntu, SUSE) should be monitored for backported fixes to their respective stable branches. As a compensating control on systems where upgrading is not immediately feasible, blacklisting the epf_ntb module via echo 'blacklist epf_ntb' >> /etc/modprobe.d/blacklist.conf and unloading it with modprobe -r epf_ntb eliminates the vulnerable code path entirely; the trade-off is loss of NTB endpoint functionality, which is acceptable on systems not actively using PCIe endpoint/NTB features. Systems not using PCI endpoint hardware require no action.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2025-210056 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy