CVE-2025-71071

EUVD-2026-2267

13.01.2026, 16:16

In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: fix use-after-free on probe deferral

The driver is dropping the references taken to the larb devices during
probe after successful lookup as well as on errors. This can
potentially lead to a use-after-free in case a larb device has not yet
been bound to its driver so that the iommu driver probe defers.

Fix this by keeping the references as expected while the iommu driver is
bound.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.162-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.249-1 fixed
forky	6.18.12-1 fixed
sid	6.18.14-1 fixed
trixie	vulnerable
trixie (security)	6.12.73-1 fixed

linux-6.1

bullseye (security)

6.1.162-1~deb11u1

fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-01-13T23:00:00+00:00

References

https://git.kernel.org/stable/c/1ef70a0b104ae8011811f60bcfaa55ff49385171

https://git.kernel.org/stable/c/5c04217d06a1161aaf36267e9d971ab6f847d5a7

https://git.kernel.org/stable/c/896ec55da3b90bdb9fc04fedc17ad8c359b2eee5

https://git.kernel.org/stable/c/de83d4617f9fe059623e97acf7e1e10d209625b5

https://git.kernel.org/stable/c/f6c08d3aa441bbc1956e9d65f1cbb89113a5aa8a