CVE-2025-71110 — Use After Free in Linux

CWE-416 — Use After Free7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJan 14

Description

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free(). On ARM64 with MTE (Memory Tagging Extension), kasan_slab_free() poisons the memory and changes the tag from the original (e.g., 0xf3) to a poison tag (0xfe). When defer_free() then tries to write to the freed object to build the deferred free list via llist_add(),…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.18.0 — 6.18.3

▶NVDlinux/linux_kernel6.18.1 — 6.18.3+2

▶CVEListV5linux/linuxaf92793e52c3a99b828ed4bdd277fd3e11c18d08 — 65d4e5af2a2e82f4fc50d8259aee208fbc6b2c1d+2

▶debiandebian/linux

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

mm/slub: reset KASAN tag in defer_free() before accessing freed memory↗2026-01-14

▶

GHSA

GHSA-m8f2-rw7m-jrxf: In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONF↗2026-01-14

▶

OSV

CVE-2025-71110: In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG↗2026-01-14

▶

📋Vendor Advisories

Red Hat

kernel: mm/slub: reset KASAN tag in defer_free() before accessing freed memory↗2026-01-14

▶

Debian

CVE-2025-71110: linux - In the Linux kernel, the following vulnerability has been resolved: mm/slub: re...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-71110 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶