CVE-2025-71099 — Use After Free in Linux
CWE-416 — Use After FreeCWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition10 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping
metrics_lock. Since this lock protects the lifetime of oa_config, an
attacker could guess the id and call xe_oa_remove_config_ioctl() with
perfect timing, freeing oa_config before we dereference it, leading to
a potential use-after-free.
Fix this by caching the id in a local variable while holding the…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages8 packages
▶CVEListV5linux/linuxcdf02fe1a94a768cbcd20f5c4e1a1d805f4a06c0 — c6d30b65b7a44dac52ad49513268adbf19eab4a2+3
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-wx5q-w2fh-f8w8: In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
In xe_oa_add_config_ioc↗2026-01-13
OSV▶
CVE-2025-71099: In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl↗2026-01-13
📋Vendor Advisories
5Debian▶
CVE-2025-71099: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: ...↗2025