CVE-2025-71308
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
In the Linux kernel, in the accel/amdxdna driver, a vulnerability was found where a NULL pointer dereference can occur during context cleanup. The aie_destroy_context() function is called on error in aie2_create_context(), but it assumes the mailbox channel pointer is non-NULL. If mailbox channel creation fails, the pointer remains NULL, leading to a NULL pointer dereference.
Risk Assessment
The risk involves a possible system hang or kernel panic due to a NULL pointer dereference, which can cause service disruption and data loss.
Recommendation
It is recommended to immediately update the Linux kernel to a version containing the fix, which replaces the aie_destroy_context() call with a function that removes the context previously created by the firmware.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie_destroy_context() is invoked during error handling in aie2_create_context(). However, aie_destroy_context() assumes that the context's mailbox channel pointer is non-NULL. If mailbox channel creation fails, the pointer remains NULL and calling aie_destroy_context() can lead to a NULL pointer dereference. In aie2_create_context(), replace aie_destroy_context() with a function which request firmware to remove the context created previously.

