CVE-2025-71202

CWE-9098 documents8 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 96.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically before any kernel page table page is freed and reused. This addresses the main issue with vfree() which is a common occurrence and can be t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel4.46.18.7
CVEListV5linux/linux2f26e0a9c9860db290d63e9d85c2c8c09813677f9f0a7ab700f8620e433b05c57fbd26c92ea186d9+2
Debianlinux< 6.18.8-1

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-c4h6-jgrf-pj9p: In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a n2026-02-14
CVEList
iommu/sva: invalidate stale IOTLB entries for kernel address space2026-02-14
OSV
CVE-2025-71202: In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new2026-02-14

📋Vendor Advisories

3
Red Hat
kernel: Linux kernel: Memory Corruption and Kernel Crashes via IOMMU SVA coherency issue2026-02-14
Microsoft
iommu/sva: invalidate stale IOTLB entries for kernel address space2026-02-10
Debian
CVE-2025-71202: linux - In the Linux kernel, the following vulnerability has been resolved: iommu/sva: ...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71202 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-71202 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io