CVE-2025-71221

CWE-362Race Condition8 documents8 sources
Severity
7.0HIGH
EPSS
0.0%
top 97.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents. The race occurs when multiple threads call tx_status() while the tasklet on another CPU is freeing completed descriptors: CPU 0 CPU 1 ----- ----- mmp_pdma_tx_status() mmp_pdma_residue() -> NO LOCK held list_for_each_entry(sw, ..) DMA interrupt

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel3.166.18.10+1
CVEListV5linux/linux1b38da264674d6a0fe26a63996b8f88b88c3da48dfb5e05227745de43b7fd589721817a4337c970d+5
Debianlinux< 6.18.10-1

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-959m-9w2w-7jxc: In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking2026-02-14
CVEList
dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()2026-02-14
OSV
CVE-2025-71221: In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking i2026-02-14

📋Vendor Advisories

3
Red Hat
kernel: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()2026-02-14
Microsoft
dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()2026-02-10
Debian
CVE-2025-71221: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71221 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-71221 (HIGH CVSS 7) | In the Linux kernel | cvebase.io