CVE-2025-71115 — Use of Uninitialized Resource in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 14
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e.g. with
KCOV enabled we'll crash because some init code can call
into e.g. memparse(), which has coverage annotations, and
then the checks in check_kcov_mode() crash because current
is NULL.
Simply initialize the cpu_tasks[] array statically, which
fixes the crash. For the later SMP work, it seems to have
not really caused any problems yet, but in…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages8 packages
▶CVEListV5linux/linux2f681ba4b352cdd5658ed2a96062375a12839755 — dbbf6d47130674640cd12a0781a0fb2a575d0e44+2
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-743m-w227-wrrf: In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e↗2026-01-14
OSV▶
CVE-2025-71115: In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e↗2026-01-14
📋Vendor Advisories
5Debian▶
CVE-2025-71115: linux - In the Linux kernel, the following vulnerability has been resolved: um: init cp...↗2025