CVE Catalog

CVE-2025-71308

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, in the accel/amdxdna driver, a vulnerability was found where a NULL pointer dereference can occur during context cleanup. The aie_destroy_context() function is called on error in aie2_create_context(), but it assumes the mailbox channel pointer is non-NULL. If mailbox channel creation fails, the pointer remains NULL, leading to a NULL pointer dereference.

Risk Assessment

The risk involves a possible system hang or kernel panic due to a NULL pointer dereference, which can cause service disruption and data loss.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix, which replaces the aie_destroy_context() call with a function that removes the context previously created by the firmware.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie_destroy_context() is invoked during error handling in aie2_create_context(). However, aie_destroy_context() assumes that the context's mailbox channel pointer is non-NULL. If mailbox channel creation fails, the pointer remains NULL and calling aie_destroy_context() can lead to a NULL pointer dereference. In aie2_create_context(), replace aie_destroy_context() with a function which request firmware to remove the context created previously.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS