CVE-2025-71134Resource Injection in Linux

CWE-99Resource Injection7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 14

Description

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to match the one of the page being freed. However, only the first pageblock of the buddy page is updated, while the rest of the pageblocks are left unchanged. That causes warnings in later expand() and oth

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

Linuxlinux/linux_kernel6.10.06.12.65+1
NVDlinux/linux_kernel6.10.16.12.65+3
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linuxe6cf9e1c4cde8a53385423ecb8ca581097f42e02914769048818021556c940b9163e8056be9507dd+3
debiandebian/linux< linux 6.18.5-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2025-71134: In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is fre2026-01-14
OSV
mm/page_alloc: change all pageblocks migrate type on coalescing2026-01-14
GHSA
GHSA-wpqv-9qcp-f278: In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is f2026-01-14

📋Vendor Advisories

2
Red Hat
kernel: mm/page_alloc: change all pageblocks migrate type on coalescing2026-01-14
Debian
CVE-2025-71134: linux - In the Linux kernel, the following vulnerability has been resolved: mm/page_all...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71134 Impact, Exploitability, and Mitigation Steps | Wiz