CVE-2025-71163

MEDIUM

Linux Kernel 5.15.0-6.18.6 - Use-After-Free in DMA Engine IDXD Compat Bind/Unbind

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/b7bd948f89271c92d9ca9b2b682bfba56896e959

Patch

https://git.kernel.org/stable/c/b2d077180a56e3b7c97b7517d0465b584adc693b

Patch

https://git.kernel.org/stable/c/c81ea0222eaaafdd77348e27d1e84a1b8cfc0c99

Patch

https://git.kernel.org/stable/c/0c97ff108f825a70c3bb29d65ddf0a013d231bb9

Patch

https://git.kernel.org/stable/c/a7226fd61def74b60dd8e47ec84cabafc39d575b

Patch

https://git.kernel.org/stable/c/799900f01792cf8b525a44764f065f83fcafd468

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 9.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (21)

linux/Kernel 5.15.0 - 5.15.199linux

linux/Kernel 5.16.0 - 6.1.162linux

linux/Kernel 6.13.0 - 6.18.7linux

linux/Kernel 6.2.0 - 6.6.122linux

linux/Kernel 6.7.0 - 6.12.67linux

Linux/Linux < 5.15

Linux/Linux 5.15

Linux/Linux 5.15.199 - 5.15.*

Linux/Linux 6.1.162 - 6.1.*

Linux/Linux 6.12.67 - 6.12.*

... and 11 more

Published Jan 25, 2026

Tracked Since Feb 18, 2026