CVE-2025-71122Integer Overflow or Wraparound in Linux

CWE-190Integer Overflow or Wraparound14 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedJan 14
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree. This only effects test kernels with CONFIG_IOMMUFD_TEST. Validate the user input length in the test ioctl.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

Linuxlinux/linux_kernel6.2.06.6.120+2
NVDlinux/linux_kernel6.2.16.6.120+4
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linuxf4b20bb34c83dceade5470288f48f94ce3598ada4cc829d61f10c20523fd4085c1546e741a792a97+4
debiandebian/linux< linux 6.18.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED2026-01-14
OSV
CVE-2025-71122: In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found2026-01-14
GHSA
GHSA-rgpf-6q47-j6p9: In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller fou2026-01-14

📋Vendor Advisories

9
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-71122 Impact, Exploitability, and Mitigation Steps | Wiz