CVE Catalog

CVE-2025-71313

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the lack of NULL check after calling alloc_workqueue(). This may lead to a NULL pointer dereference, resulting in driver malfunction.

Risk Assessment

The absence of proper error checking may lead to system crashes or driver malfunctions, jeopardizing system stability and security.

Recommendation

It is recommended to add a NULL check after calling alloc_workqueue() and return -ENOMEM on failure to prevent loading the driver with an invalid workqueue pointer.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue_work() is later called with the NULL workqueue pointer in epf_ntb_epc_init(). Add a NULL check immediately after alloc_workqueue() and return -ENOMEM on failure to prevent the driver from loading with an invalid workqueue pointer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS