CVE-2025-71073 — Use After Free in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
Input: lkkbd - disable pending work before freeing device
lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work
handler lkkbd_reinit() dereferences the lkkbd structure and its
serio/input_dev fields.
lkkbd_disconnect() and error paths in lkkbd_connect() free the lkkbd
structure without preventing the reinit work from being queued again
until serio_close() returns. This can allow the work handler to run
after th…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages8 packages
▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — 3a7cd1397c209076c371d53bf39a55c138f62342+3
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-71073: In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedu↗2026-01-13
GHSA▶
GHSA-fh34-wp9w-rw28: In the Linux kernel, the following vulnerability has been resolved:
Input: lkkbd - disable pending work before freeing device
lkkbd_interrupt() sche↗2026-01-13
📋Vendor Advisories
5Debian▶
CVE-2025-71073: linux - In the Linux kernel, the following vulnerability has been resolved: Input: lkkb...↗2025