CVE-2025-71313
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to the lack of NULL check after calling alloc_workqueue(). This may lead to a NULL pointer dereference, resulting in driver malfunction.
Risk Assessment
The absence of proper error checking may lead to system crashes or driver malfunctions, jeopardizing system stability and security.
Recommendation
It is recommended to add a NULL check after calling alloc_workqueue() and return -ENOMEM on failure to prevent loading the driver with an invalid workqueue pointer.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue_work() is later called with the NULL workqueue pointer in epf_ntb_epc_init(). Add a NULL check immediately after alloc_workqueue() and return -ENOMEM on failure to prevent the driver from loading with an invalid workqueue pointer.

